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End of days for Sun 

Acquisition, portfolio mismanagement led to downfall 



ANALYSIS 



BY ALEX HANDY 

Sun Microsystems passed away 
on July 16, 2009. On that day, 
the company's shareholders 
voted to accept the merger 
agreement, proposed by Ora- 
cle, to purchase the company 
for US$5.6 billion, or $9.50 per 
share. Sun's CEO, Jonathan 
Schwartz, and its chairman of 
the board and cofounder, Scott 
McNealy, were not present 
for the share- 
holder vote. 

Only nine 
years ago, Sun's stock was at 
$257 per share, with a market 
cap of almost $100 billion, and 
the company was making its 
own multi-billion-dollar acqui- 
sitions. So how did it all go 
bad? Sun executives would not 
comment for this story, but 
sources say that the company's 
downfall came thanks to bun- 
gled acquisitions and an inabil- 
ity to turn technological inno- 
vation into reliable streams of 
money. 

"Sun Microsystems is the 
Jack Kevorkian of technology 
acquirers," said Bill Roth, for- 
mer group manager at Sun from 
1997 to 2003, where he super- 
vised the launch of Java EE and 
Open Office. He said Sun fre- 
quently squandered acquired 
technology, and that its failure 
to address this pattern led to its 
ultimate demise. 

"Look at all the acquisitions 




With declining earnings and market share, SD Times asked "Is Sun Toast?" 
on the cover of its June 15, 2004 issue. It hung on for five more years. 



Sun made from 1996 through 
2006, and I think you'll see 
that two out of the 40 did not 
fail. One was the piece they 
bought from Cray [in 1996 Sun 
purchased the Cray Business 
Systems Division from Silicon 
Graphics, and used the tech- 
nology to create a new back- 
plane board for its servers], the 
other you could argue was 
StorageTek," said Roth. He 
highlighted the company's $2 
billion purchase of Web server 
producer Cobalt Networks as 
symbolic of botched acquisi- 
tions. 



Cobalt was a hot property in 
2000 when Sun purchased it. 
Cobalt made one of the first 
dedicated commercial Web 
servers, but when Sun acquired 
Cobalt, it imposed supply chain 
restrictions that forced the 
smaller company to use Sun's 
hardware providers. As Cobalt 
was an Intel-based platform, 
Roth said that these supply 
chain restrictions resulted in a 
nine-month period after the 
acquisition during which 
Cobalt couldn't produce any of 
its servers for sale. In that time, 
continued on page 16 ► 



Open-source group 
aims at government 



BY ALEX HANDY 

When the going gets transpar- 
ent, the transparent get orga- 
nized. On July 22, the Open 
Source for America (OSA) orga- 
nization was unveiled in San 
Jose at OSCON to promote the 
use of open-source software in 
government. 

OSCON is the Open Source 
Convention, an annual conference 
sponsored by O'Reilly Media. 

As its first significant act, the 

coalition has engaged Washington 

lobbying firm Mehlman Vogel 

continued on page 20 ► 




Red Hat's Tom Rabon says that OSA 
may eventually turn to lobbying. 



With code, Microsoft 
warms up to the GPL 



BY DAVID WORTHINGTON 

Microsoft's contribution of GPL- 
licensed drivers to the Linux ker- 
nel community signals that it is 
open to participate in open- 
source projects regardless of 
the license, says Sam Ramji, 
Microsoft's senior director of 
platform strategy. 

However grand Microsoft's 
intentions may be, an analyst 
views it less as altruism and 
more as a targeted move by 
Microsoft to further its visual- 
ization strategy. 

Microsoft is working with Lin- 
ux driver project lead and Novell 



fellow Greg Kroah-Hartman 
that Linux Integration Compo- 
nents (LinuxIC) is ready for the 
next release of the Linux kernel, 
version 2.6.32, according to Hank 
Janssen, principal group program 
manager of Microsoft's Open 
Source Technology Center. 

The code "needs works" and 
does not meet the kernel team's 
standards, Kroah-Hartman said. 
It is currently in the kernel's stag- 
ing directory. Microsoft will 
maintain the drivers. 

Microsoft is responding to 

competition from VMware, said 

continued on page 20 ► 
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Smarter technology for a Smarter Planet: 

Can the boundaries of a 
business be defined by its 
people instead of its walls? 

Businesses like nice solid walls, both the physical and the fire variety. 
But on a smaller, flatter, smarter planet, we increasingly find ourselves 
working with people far outside those walls: partners, suppliers, 
customers and remote employees. Instead of protecting, those nice 
solid walls stand in the way of how people want to work. 

IBM is incorporating new tools like social software, wikis, blogs and 
presence awareness throughout its entire collaboration portfolio to help 
people in companies reach beyond their walls. The next challenge is to 
give people the tools they need anytime and anywhere they need them, 
not when their tech department has time to set them up. 

That's why IBM is offering a new way of accessing its collaboration and 
social networking tools: through the cloud. To the individual, cloud-based 
tools like LotusLive™ let people work securely with whomever they want 
to, regardless of what side of the firewall they find themselves on. To the 
organization, these collaboration tools enhance the productivity of its 
employees without the cost and complexity of building and managing 
any additional infrastructure, giving them a seamless extension of their 
capabilities. And it's all backed by the legendary security that companies 
expect from IBM. So organizations don't have to tear down their walls 
to reach beyond them. 

A smarter business needs smarter software, systems and services. 
Let's build a smarter planet, ibm.com/collaborate 
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intersoft Solutions' 

A better web experience" 



WebUI Studio® 2009: Endless Possibilities 

9 new innovations. 250 new features. 40 premium components and counting. 



New in WebUI Studio 2009 for A5P.NET: 

1 Ox fa ste r Gri d now wit h best Go u d s u pp ort, cl i e nt b i nd I ng , 
advanced batch update, ASRNET MVC support, and more. 

1 New full -featured rich text editor with Word -sty le spell check* 
buMt-in media gallery, and real-time AJAX Upbader. 

> Enhanced AJAX Manager now with native JSON support and 
improved XHTML support 



New in WebU I Studio 2009 for Sil verlight: 

^ Revolutionary data presenters with 5 built-in views, one-dick 
vfew switching, extensible architecture., sleek UX r and more. 

j Declarative data source to instantly connect to WCF, Astoria, and 
*r .NET RIA Services with full Sifverflght 3 support. 

j Industry's fastest Grid powered with innovative Virtual Scroll™, 
"^ comprehensive editing, Vista-style filter, data drill, and more. 
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WebUt Studio 2009 Premier* provides the most advanced and comprehensive set of presentation layer components available today! 

Download the free trial now: wwwJntersoftpt.com/WebUIStudio 



^ WebUI Studio 9 

Delivers War Id Class. Rich Internet Applications" 



■ OH Intecjoft Solutions: Corp, KAfabUI Studio ii a rMjnte*od TTddsfnark of InlG^ioft Solutions Corp. AJl righlj reserved. 
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Microsoft's MVC framework freed as open source 



Mono 2.4.2.1 redistributes the ASP.NET component 



BY DAVID WORTHINGTON 

The Mono project is redisribut- 
ing Microsoft's ASRNET MVC, 
a high-level component of the 
.NET Framework used for 
building Web applications that 
follow a model-view-controller 
(MVC) pattern framework. The 
redistribution process began in 
early July. 

Microsoft's decision to make 
more of the .NET Framework 
available under open-source 
licenses is a sign that it may be 
embracing a greater cross-plat- 
form vision in response to com- 
petition from Google, an ana- 
lyst says. 

Google's Chrome operating 
system announcement probably 
gave more ammunition to those 
individuals within Microsoft 
who were advocating stronger 
cross-platform capabilities for 
Microsoft frameworks and 
tools, said Michael Goulde, a 
retired open-source analyst for 
Forrester. "Google has taken 



Linux into competition with 
Windows, and Microsoft real- 
izes that it will have to change 
the level it is competing at. 

"Microsoft is finding it in- 
creasingly difficult to position its 
strategic center of gravity around 
Windows. They need to be able 
to play well on other operating 
systems with their platform," 
he said. "This is great for devel- 
opers and great for customers. 
Microsoft has some really great 
software and has been artificially 
limiting its availability." 

MVC COMES UNDER MS-PL 

Mono runs on multiple operat- 
ing systems, including Linux, 
Mac OS X and Solaris. The 
Mono project is an open-source 
implementation of the Common 
Language Infrastructure (CLI), 
a technology created by 
Microsoft that was subsequently 
standardized by ECMA and ISO 
International. Microsoft has 
supported Mono's development 



OMG leads drive 
for cloud standards 



BY DAVID WORTHINGTON 

The Object Management Group 
(OMG) is spearheading a multi- 
party effort to establish a uni- 
form vocabulary for cloud com- 
puting, as well as to synchronize 
standards development. 

OMG announced the collab- 
oration at its Cloud Standards 
Summit on July 13. Participants 
include the Distributed Manage- 
ment Task Force, the Open Grid 
Forum, the Storage Networking 
Industry Association, the Open 
Cloud Consortium and the 
Cloud Security Alliance. 

"There is a huge amount of 
excitement about cloud com- 
puting, but sometimes hard 
information or agreement 
about what terms mean has 
been too hard to come by," said 
Andrew Watson, OMG vice 
president and technical direc- 
tor. OMG's objective with the 
standards group is to establish a 
set of terms so that users know 
that vocabulary across organiza- 
tions and providers is consis- 
tent, he explained. 

It is also coordinating speci- 
fication activity "to make sure 



we don't tread on each other's 
toes," he said. That work will 
focus on the deployment and 
configuration of services, inter- 
operability and security. 

Day-to-day interactions of 
the cloud group will happen via 
a wiki and e-mail, Watson said. 
There will also be quarterly 
meetings; two meetings have 
taken place already. 

The first meeting, in 
March, was an "ad hoc gather- 
ing" to discuss cloud standards, 
and the idea of forming the 
group emerged at that meet- 
ing, he said. The July meeting, 
he said, was used by partici- 
pants to "map out how their 
various initiatives relate to 
each other." 

OMG's technical contribu- 
tion is likely to be in modeling 
cloud deployment, especially 
service-level agreements, he 
said. Separately, its Gover- 
nance, Risk Management and 
Compliance Roundtable will be 
active in providing resources, 
such as best practices and doc- 
umentation, for cloud service 
provisioning, he added. I 



with technological assistance. 

The July 6 release of Mono 
2.4.2.1, a bugfix for Mono 2.4, 
redistributed the MVC frame- 
work. Microsoft placed MVC 
under the Microsoft Public 
License (Ms-PL) in April. 

"We just ship Microsoft's 
open-sourced ASRNET MVC; 
they licensed it under the Ms- 
PL," said Mono project leader 
and Novell vice president 
Miguel de Icaza. 

The Ms-PL is an open-source 
license that was approved by the 
Open Source Initiative in 2007. 

The Ms-PL is the least 
restrictive of Microsoft's open- 
source licenses, and it allows for 
distribution of compiled code 
for both commercial and non- 
commercial purposes. 

On July 7, Microsoft placed 
ECMA-based implementations 
of the CLI and the C# pro- 
gramming language under its 
Community Promise, a promise 
by the company not to assert its 
intellectual property rights for 
covered technologies. 

Microsoft has also open- 
sourced the Managed Extensi- 
bility Framework, a library 
found in .NET 4.0 that enables 
greater reuse of applications 
and components, as well as the 
Dynamic Language Runtime, 
which allows developers to use 
dynamic languages, such as 
Python and Ruby, on the .NET 
Framework. Roth are licensed 



HOW THE MVC FRAMEWORK WORKS 



STEP1 

Incoming n^ques* dieted 
to ControElar. 



STEPS 

Controller proeossei request 
and forms a data Model. 




STEP 4 

ViEW trans For tis Model into 
appropriate output format. 

under the Ms-PL. 

"Those are all big boosts to 
developers, both [for] those 
that need to reuse the code and 
for us, since we can ship as part 
of Mono," said de Icaza. 

However, Microsoft has not 
placed other .NET frameworks, 
such as ADO.NET, ASP.NET, 
Windows Forms and Windows 
Workflow Foundation, under 
open source. 

LEAVE IT TO THE DEVS 

Sam Ramji, Microsoft's senior 
director of platform strategy, said 
that the company's developer 
division would make decisions 
regarding any future open- 



Response \s rendered. 

Source: Microsoft 

source framework releases. 

"The intention of open- 
sourcing MVC and releasing 
source code to frameworks like 
that is to get adoption," he 
added. "The CLI has had amaz- 
ing growth and is an expanded 
engagement with developers." 

Goulde added: "In the long 
run, Microsoft is very risk 
averse. Many people there have 
trouble with this kind of strate- 
gy. People in favor of this strat- 
egy will have to work incremen- 
tally to gain confidence of 
management that open source 
will not kill the business. We'll 
see more stuff as the strategy 
proves itself." I 



ADAPTIVE ALM TOOL SUITE BUILT FOR AGILE 



BY DAVID RUBINSTEIN 

Agile life-cycle management 
tool maker ThoughtWorks Stu- 
dios will release this month 
Adaptive ALM, which the com- 
pany says offers companies soft- 
ware that adapts to their 
processes and practices. 

Adaptive ALM consists of 
ThoughtWorks Studios' Mingle 
(project management), Cruise 
(release management) and Twist 
(test automation) software. The 
goal is to get developers, QA 
professionals and IT "on the 
same page from day one," said 
Cyndi Mitchell, managing direc- 
tor of ThoughtWorks Studios, 
the commercial tools division 
ThoughtWorks, a consultancy. 

The Mingle technology pro- 
vides the central point of task 
management, with the use of 



movable cards to track require- 
ments, issues and workflow, as 
well as reporting, Mitchell 
explained. Cruise is for continu- 
ous integration management, in 
which the deployment process 
can be implemented, and builds 
and configuration can be man- 
aged. Twist is where the execu- 
tion and evolution of tests and 
test suites is managed. 

"Evolving functional tests is 
difficult," Mitchell said. "They 
are brittle." Twist allows users 
to apply refactoring to function- 
al tests so they can be main- 
tained and reused, she said. 

Adaptive ALM enables users 
to trace requirements through 
testing, ensuring they get imple- 
mented in the final solution, 
Mitchell explained. It also pro- 
vides the ability to create build 



grids, so tests can be spread 
over different nodes. The 
results are then aggregated and 
returned, giving users greater 
visibility in the development 
process. 

Mitchell said Adaptive ALM 
is a response to other "agile-in-a- 
box" solutions that she said do 
not respect the collaborative 
nature of software development. 

"A company selects process- 
es and tools, but unforeseen 
things happen that don't fit 
those processes and tools," she 
explained. "Competing forces 
then take over. Do you adhere 
to the process and tool, or do 
you deliver results? What hap- 
pens is, organizations get frus- 
trated and stop using the [agile 
management] tool, or it's not 
used effectively." I 
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Application governance company AmberPoint and Oracle have inte- 
grated Oracle Enterprise Repository and Oracle Service Registry with 
AmberPoint's governance software. AmberPoint executives said their 
software automatically synchronizes operational metrics and runtime 
policies for applications, and it records service metadata in Oracle 
Enterprise Repository and Oracle Service Registry . . . Source code 
analysis and testing company LDRA has integrated its LDRA testing 
suite with Texas Instruments' Code Composer Studio and Code Com- 
poser software development environments, which are IDEs for Texas 
Instruments' microcontrollers and application processors. The integra- 
tion provides developers with compilation, device programming and 
I/O capabilities, according to LDRA executives. LDRA's TBrun unit 
tester can invoke Code Composer Studio to load code, extract test 
data and report the results. 



NEW PRODUCTS 



Microsoft has made a MapPoint add-in available for SQL Server 
2008 that enables developers to visualize spatial and non-spatial 
data stored in the database. Maps may also be used to query, edit and 
insert rows into SQL Server, and maps may be integrated into Office 
programs. The add-in is available free of charge at Microsoft's web- 
site . . . JetBrains has released a new software development envi- 
ronment called Meta Programming System (MPS), which the com- 
pany described as a new IDE that uses existing programming 
languages for developing software and custom languages, or domain- 
specific languages. MPS is free, and a major part of its source code is 
available under the Apache license . . . IBM has created the Smart 
Analytics System, which uses software and storage to provide ana- 
lytics of both structured and unstructured data. It includes business 
intelligence reporting, data mining, cubing services, text analytics 
and data warehouse management. Cloud service providers can use 
the Smart Analytics System on private or public clouds. 



UPDATES 



_L 



IDS Scheer has released ARIS Process Performance Manager 5.0, 

which stores all business process-related data in memory. The compa- 
ny said that using compressed in-memory data will reduce customers' 
hardware costs and increase the speed at which data can be analyzed 
. . . Requirements management company Jama Software has released 
Contour 2.7, its Web-based enterprise requirements manager. There 
is a new integration called the JIRA Connector for Jama Contour that 
connects Contour with Atlassian's JIRA defect tracking, task manage- 
ment and agile project management software . . . Cloud computing 
management software maker RightScale now lets users manage IBM 
DB2 Express-C 9.7 database software on the cloud. IBM DB2 
Express-C is a free community edition of the DB2 database server. 
RightScale has pre-built templates to utilize common server configu- 
rations for IBM DB2 Express-C for both the CentOS and Ubuntu oper- 
ating systems . . . Build solution company OpenMake has released 
Meister 7.3, a build engine, with the intention of speeding up compile 
and link processes for languages such as C/C++, Java and .NET lan- 
guages. Meister also has a new feature called the Target file generator, 
which connects source code locations to output locations within 
archives . . . Business process management company Metastorm has 
released Metastorm Integration Manager 8.5 for Linux System Z, a 
software application for system integration, process management and 
managed file transferal. There is new interoperability with IBM Web- 
Sphere MQ 7, Java 6 and Microsoft Windows. 



_L 



PEOPLE 



_L 



Paul D. Nielsen has been reappointed to a second five-year term as 
director and CEO of the Carnegie Mellon Software Engineering Insti- 
tute (SEI). The SEI is a technology research and development center 
funded by the U.S. Department of Defense. Nielsen joined the SEI in 
2004 after a 32-year career in the U.S. Air Force, where he retired as 
a major general. I 
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An 'epic' progress report in Danube Technologies' Scrum tool shows the status of work on high-level features. 

Orchestrating agile projects 

ScrumWorks Pro 4 moves teams toward common goal 



BY DAVID RUBINSTEIN 

Agile project management soft- 
ware company Danube Tech- 
nologies released earlier this 
month ScrumWorks Pro 4, its 
Scrum management framework 
that enables the coordination of 
multiple teams working in con- 
cert to reach common release 
and feature goals. 

Agile development has been 
slow to reach wide adoption in 
large enterprises, because while 
the benefits to agile develop- 
ment are clear on the team or 
project level, they haven't yet 
been seen in a broader context. 
This is due in large part to the 
pain of managing different 
groups of teams working on dif- 
ferent projects in different loca- 
tions but all working toward the 



same targets, according to Vic- 
tor Szalvay, cofounder and 
CTO of Danube. 

The problem, he explained, 
is with hierarchies, upon which 
many project management 
tools today are based, Szalvay 
said. While these tree-like 
structures are excellent for 
assigning, prioritizing and 
tracking work, they lack the 
flexibility to deal with changing 
requirements and priorities 
that are the hallmark of agile 
development. 

"Prioritization is critical, but 
hierarchy obscures it," Szalvay 
said. There has been no way "to 
coordinate component groups 
working to a common goal 
without subverting the agile 
process itself," he added. 



VI : Agile solution gets lean 



BY DAVID RUBINSTEIN 

A new version of VersionOne s 
VI: Agile Enterprise released in 
late July includes a new Story- 
board that supports "kanban"- 
style lean software development 
with a Scrum management 
front end. 

Kanban is a technique first 
developed at Toyota that uses 
tickets to trigger the next pro- 
ject, ensuring that what is pro- 
duced meets the actual 
demands of the consumers. The 
new Storyboard enables those 
tickets — story cards in Scrum — 
to be dragged and dropped 
through a workflow, and to set 



limits on Work in Process to bet- 
ter create efficiencies in produc- 
tion, said VersionOne president 
and CEO Robert Holler. 

Kanban is associated with 
lean production, which says that 
producing anything other than 
what directly meets customer 
needs is wasteful. Lean produc- 
tion is aligned with agile process- 
es in software development. 

Another key new feature is 
the ability to switch between 
stories and defects, to split 
defects, and add or import 
epics — high-level new fea- 
tures — into the management 
tool. I 



ScrumWorks 4 uses keyword 
tagging instead of hierarchies to 
enable managers to look at 
work from multiple dimen- 
sions, he said. 

"This is tough to do in a hier- 
archy, where a single item can 
only reside in one place. Now, 
you can tag with one or more 
keywords and use the keywords 
to assign a feature-level goal," 
Szalvay explained. "You can 
choose features for a milestone 
and associate the keyword to 
the milestone, applying all the 
breakdown items required" to 
reach the goal. 

The subscription-based, 
US$289-per-user per-year tool 
uses the agile-familiar term Epic 
to define the high-level features 
and goals associated with any 
milestone, Szalvay said. There is 
also a free, scaled-down version 
of ScrumWorks. 

Another new feature is the 
ability to share the work of one 
component group across multi- 
ple products. So, for instance, a 
group working on e-mail for the 
BlackBerry device can have its 
solution used in the Pearl, 7100 
and other RIM products, with 
simple tweaks such as resizing 
the window or integrating with 
a different keypad easier to 
manage, Szalvay said. 

Szalvay said ScrumWorks 
is now available to Eclipse 
development teams through a 
connector with Tasktop, the 
commercial version of the 
open-source task-focused My- 
lyn project. I 




SHRINKWRAP 
YOUR APP. 

WITH PROVEN CODE SIGNING FROM VERISIGN. 



You developed the software. Now deliver it with the same care and vigilance 
by using Verisign® Code Signing. Why? Code signing not only protects the 
identity and reputation of the author, but it also verifies the authenticity 
and version of your software. Then Verisign helps you go a step further. 
It can create a unique digital signature every time the code is signed, and 
it supports more certification programs and development platforms than 
any other Certificate Authority. And you can leverage the reputation of the 
most recognized and trusted name in online security— Verisign. 

Learn how Code Signing from Verisign can help make sure 
your applications are more trusted and adopted at 
www.VeriSign.com/CodeSigning or call 1-866-893-6565. 




VeriSigrr 



©2009 VeriSign, Inc. All rights reserved. VeriSign, the VeriSign logo, the Checkmark Circle logo, and other trademarks, service marks, and designs are registered or 
unregistered trademarks of VeriSign, Inc., and its subsidiaries in the United States and foreign countries. All other trademarks are property of their respective owners. 
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Expression Blend 3 delivers prototyping 



Microsoft says that it will help designers and developers 

BY DAVID WORTHINGTON T i *^o*.j i^ ^^t^^ ■— i Ij^bJBB 



BY DAVID WORTHINGTON 

Expression Blend 3, a Microsoft inter 
face development tool that facilitates 
collaboration among clients, designers 
and developers, became available for 
download in July. 

Blend is a UI builder for rich Inter- 
net applications that provides tooling for 
Silverlight 3, which was released earlier 
this month. Expression Blend 3 was first 
announced at MIX 09 in March. 

This version of Blend includes a new 
prototyping feature called SketchFlow, 
which models the composition, flow, 
screens and states of an application 
interface. SketchFlow incorporates ani- 
mation, drawing tools and images, and 
can load Silverlight and Windows Pre- 
sentation Foundation controls into pro- 
totypes. 

Microsoft has focused on improving 
Blends animation and easing functions, 
3D transforms, visual effects and visual 
state manager. 

SketchFlow prototypes are designed 
for sharing and reviewing design intent, 
and they can be annotated with in-context 
feedback, Microsoft says. Extensible 
Application Markup Language (XAML) 
code is automatically generated for proto- 
types so that they become usable artifacts. 




Expression Blend's SketchFlow helps designers, developers, information architects and 
account managers prototype user interfaces. 



Microsoft is attempting to fill a gap in 
the developer/designer/client workflow, 
said Eric Knipp, a senior research analyst 
at Gartner. "The ability to generate print- 
ed slides from low-fidelity prototypes 



quickly and easily is a big improvement. 
"I like to think of it like this: In the 
past, designers would draw up some pro- 
totypes, consult with the client, and at 
some point hand them off to the develop- 



work together 

er, who would go implement the software 
based on feature requirements and the 
designs," he added. "Then, a miracle 
would happen, and the end result might 
or might not look like what the designer 
intended. Microsoft is trying to eliminate 
the need for such miracles during the 
construction of Silverlight apps." 

Pricing for the upgrade is set at 
US$349, and the full version costs 
$599. Microsoft offers a 60-day evalua- 
tion copy. It is also available under 
Expression Professional subscriptions. 

Other developer-focused features are 
interoperability with Visual Studio Team 
System 2008, a code editor that supports 
Visual C#, Visual Basic and XAML, and 
the ability to generate design-time sam- 
ple data in applications. 

An API is available for developers to 
write custom actions, behaviors and 
triggers for use in Silverlight and WPF 
projects. 

Blend 3 is also capable of importing 
from Adobe Illustrator and Photoshop in 
instances where designers are not using 
the Microsoft stack. Photoshop files can 
be imported layer by layer and 
regrouped to hoi their original element 
formats for editing within Expression, 
the company said. I 
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Modifying popular file types is a challenging task 
for even the most talented developer. Fortunately, 
you don't have to undertake this task yourself. 
You can look to Aspose, a company that was created to 
address these challenges in a way that is not only elegant, 
but also all encompassing, providing powerful file APIs to 
suit your needs. 

At Aspose-named to the 2009 SD Times 100-you'll 
find a wide variety of feature-rich components, all of which 
can be purchased individually or in one powerful suite, 
Aspose.Total. Aside from programming components, you'll 
also find the company's growing line of rendering exten- 
sions for Microsoft SQL Server Reporting Services, which 
can export RDL reports in Word, Excel, PowerPoint and 
PDF formats. With a variety of quality products, Aspose 
helps worldwide developers become more produc- 
tive and save time and money by delivering reli- 
able solutions. 

'The majority of our products are file-centric, 



but Aspose.Total is our all-in-one product suite," says 
Danny Cooper, Associate Director for Aspose. We offer 
Aspose.Total for three platforms: .NET, Java, and SQL 
Reporting Services, with the same type of file support for 
all three platforms. 

According to Cooper, it's true that some of what people 
want to do can be done with traditional reporting packages 
like Crystal Reports. However, Aspose products take those 
capabilities to untold levels. For example, if you have numer- 
ous Word or Excel documents, Aspose lets you export data 
to those files in a structured format. Aspose gives you a com- 
plete interface that reaches into the document to change 
anything relating to data. 

"What sets us apart is that, from Day 1, we've built our 
products based on the needs of our customers," says Cooper. 
"When they ask for enhancements, we respond. If a com- 
pany comes to us and they're looking for a solution, we pro- 
vide it. It's not just a pre-canned product. We'll actually work 
with you and build our products to suit your needs." * 




ASPOSE 



The .NET & JavD Comporran* Publisher 
www.aspose.com 
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Revolution finds its 
way onto the Web 

Language designed for business users 



BY ALEX HANDY 

If programming were easy, 
everyone in a business could do 
it. That's the philosophy behind 
the Revolution programming 
language. In September, Run- 
time Revolution, the Scottish 
company behind the language, 
will release an update for all 
three of its Revolution develop- 
ment products. Version 4.0 will 
bring with it Web capabilities 
that can be used to build Web 
interfaces for enterprise appli- 
cations and data sets. 

Kevin Miller, CEO of Run- 
time Revolution, said that the 
new revMedia distribution of 
Revolution includes an entry- 
level development environment, 
where inexperienced and non- 
technical users can try their 
hands at the language. 

This is the first time that 
the Revolution language will 
be usable in a browser, said 
Miller. "We achieved it in the 



browser by producing a light- 
weight browser plug-in," he 
said. That plug-in allows users 
to run Revolution-based appli- 
cations and interfaces in their 
browser. 

Miller said that revMedia 
will be free to download and 
use. For developers who want 
more power or need to inte- 
grate with large enterprise sys- 
tems, like Oracle databases, 
Runtime Revolution's revStu- 
dio is available for US$249 per 
user per year. The even more 
robust revEnterprise suite, 
which includes some more 
commands and integrations, 
can be had for $499. Both of 
these development environ- 
ments are being updated to ver- 
sion 4.0 in September and will 
include support for Revolu- 
tion's new Web capabilities. 

Revolution is a high-level 
language with an English-like 
syntax, said Miller. "It's easy to 




Revolution eschews symbols and programming schedule in an attempt to resemble natural language as much as 
possible, says Runtime Revolution. It will soon be available inside of Web browsers. 



understand statements. You can 
come back six months later and 
you can read what you've writ- 
ten straight away. There are very 
few symbols and very little 
shorthand. We hope it will open 
up programming to a wider 



community that had previously 
never used it." 

The new Web capabilities in 
revMedia allow developers to 
embed Revolution code into 
Web pages, and to tie that code 
into JavaScript. A server product 



will allow Revolution to run both 
in front of and behind browsers, 
but that product will not arrive 
until the end of the year. Miller 
also said he expects to have an 
Apache Web Server mod avail- 
able by then. I 



Staying profitable in tough times means that 

Everything should work together 



Here are three ways to take action right 
now to keep your head above water: 



1 Automate business processes to 
improve performance, gain financial 
advantages, and make the most of 
your staff. 

2 Streamline and monitor communica- 
tions with business partners and 
clients to improve cash flow and 
reduce processing errors. 




3 Improve data quality to increase 
performance, retain more customers, 
and enhance decision-making. 

iWay Software will get projects done 
quickly enough to satisfy even the 
most demanding, ROI-focused executive 
sponsors. Our software integrates 
every type of technology and is used 
by 70 percent of integration vendors 
to speed up their implementations 
and reduce risk. 



Get started by calling (866) 297-4929 
or visiting us on the Web at 
iwaysoftware.com/go/sdtimes. 
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Electric Cloud brings build tools to EC2 



BY DAVID WORTHINGTON 

Electric Cloud has modified its 
build-automation and perfor- 
mance tools to work natively in 
Amazon's Elastic Compute 
Cloud (EC2) environment, 
opening the cloud to develop- 



ment and test teams 

EC2 integration has been 
added to the feature set of 
ElectricCommander, a Web- 
based application that auto- 
mates build test deployment, 
and Electric Accelerator, a solu- 



tion that executes builds in par- 
allel across clusters and can 
now run natively in EC2. 

ElectricCommander is now 
capable of starting and stopping 
virtual machines, as well as 
adding storage in the Amazon 



environment, said Martin Van 
Ryswyk, vice president of engi- 
neering at Electric Cloud. 

ElectricCommander can 
run as a service hosted in EC2, 
bringing the build test release 
process to the cloud. Cus- 




Proven 

Choose a PDF technology that is 
integrated into thousands of 
applications behind millions of 
desktops worldwide. 



Expertise 

Produce accurate and stable PDF 
documents using reliable tools 
built by experts with over ten years 
of experience. 



High-Performance 

Develop with the fastest PDF 
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to perform in multithreaded and 
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OEM Licenses 

License and distribute products 
quickly and easily with a PDF 
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external open-source libraries. 



Rapid Integration 

Integrate PDF conversion, creation 
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PDF solutions. 
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tomers that run ElectricCom- 
mander in the cloud will pay 
the same licensing costs as they 
do presently to run it on- 
premises, he said. 

"The cloud is a natural fit 
for dev and test," Van Ryswyck 
said, explaining that some 
companies, typically small 
startups, are already running 
their applications in the cloud. 
Other companies can use the 
cloud to augment peak usage, 
he said. I 

Gomez aims 
to simplify 
RIA scripts 

BY JEFF FEINMAN 

Web application company 
Gomez has added a new perfor- 
mance metrics recorder to and 
increased the mobile capabilities 
of its namesake platform. 

The Gomez Platform Sum- 
mer 2009 release, announced in 
July, has a new feature called 
Gomez Recorder, which is 
aimed at simplifying the mainte- 
nance of test scripts for Web 
transactions, including rich 
Internet application transac- 
tions. The recorder automatical- 
ly collects performance metrics 
of each transaction. 

"With the new recorder, you 
can quickly record multi-step 
business processes and more 
easily update and maintain 
scripts when applications 
change," said Imad Mouline, 
CTO of Gomez. 

There are new testing agents 
that reveal data on how Web 
applications perform in different 
browsers. Users can now test and 
monitor mobile applications and 
resolve performance problems 
for those applications. Gomez 
claims its platform can now work 
with 5,000 mobile devices in 
addition to more than 500 com- 
binations of standard browsers, 
devices and screen sizes. 

Mouline said software devel- 
opers must deal with more com- 
plex Web applications as well as 
browsers with different perfor- 
mance characteristics. They 
must be able to "ensure quality 
Web application performance 
along the entire Web application 
delivery chain, from the data 
center to the browser, which also 
includes getting an accurate read 
on how load will impact end 
users' response times," he said. I 
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Serena upgrades BPM software 

Business Mashups 2009 Rl simplifies workflow creation, company says 



BY DAVID WORTHINGTON 

Application life -cycle develop- 
ment tool maker Serena is con- 
tinuing its push into business 
process management (BPM) 
with an updated version of its 
Business Mashups software, 
which it says will boost the pro- 
ductivity of business analysts. 

Serena shipped Business 
Mashups 2009 Rl on July 14. 
Business Mashups allows non- 
coders to design and deploy 
solutions that connect human 
workflow processes to systems, 
said Nathan Rawlins, senior 
director of product marketing. 

Version 2009 adds LDAP 
support to improve administra- 
tion and change management 
and provide IT administrators 
oversight capabilities, as well 
as the ability to compare BPM 
blueprints in its Mashup Com- 
poser visual design environ- 
ment. 

It is now also better at con- 
necting systems with other sys- 
tems, said Rawlins. Serena's 
Mashup Server runtime engine 
now enables synchronous 
orchestrations, where orches- 
tration can call to another. 

In practice, that would allow 
a mashup to incorporate an 
external approval process with a 
Salesforce application to issue 
discounts to customers, he 
explained. 

In general, the types of 
processes that customers are 
using tend to be human-centric 
and affect tasks specific to a 
department or initiative within 
a company, Rawlins said. They 
can be used to gather data from 
social networking sites such as 
Facebook to assist hiring man- 
agers, or to check prices of 
computers for acquisition 
orders, he explained. 

"They connect systems 
together with a human workflow 
process in a way that doesn't 
require programmers or an army 
of consultants," he said. "There 
are simple ways of automating 
thousands of other processes 
that shouldn't require armies of 
consultants to sketch a process 
out on a white board and anoth- 
er army to implement." 

Serena's BPM offering is not 
"pure" BPM in the traditional 
sense, because it lacks capabili- 
ties such as process simulation 
and business activity monitor- 
ing. It still offers a core BPM 



capability, said senior Forrester 
analyst Clay Richardson. 

"It is viable, and is not 
appropriating the BPM term," 



he said, adding that most com- 
panies that purchase BPM 
software do not use process 
simulation, and they use their 



own business intelligence 
capabilities to gain insight into 
processes instead of using 
packaged business activity 



monitoring tools. 

The roots of Serena's BPM 
functionality came from com- 
bining its prototyping tool's 
workflow capabilities with its 
TeamTrack change and process 
management tool, Richardson 
said. "It is trying to convert its 
TeamTrack customer base over 
to BPM functionality." I 
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WS02 ENHANCES SOA 
GOVERNANCE SOLUTION 



BY DAVID WORTHINGTON 

Open-source SOA infrastruc- 
ture software maker WS02s 
registry has gained new gover- 
nance capabilities for managing 
the life cycles of services. 

WS02 Governance Registry 
3.0, formerly known as WS02 
Registry was released in July. 
The new version offers out-of- 
the-box checklists for managing 
service life cycles, said Paul 
Fremantle, WS02s co-founder 
and CTO. 

The company identified com- 
mon approaches that its cus- 
tomers were taking to build gov- 
ernance solutions, and it created 
a custom XML template that can 
be used to describe services 
(whether a WSDL is available or 
not) and which phase of the soft- 
ware development life cycle ser- 
vices are in, he explained. Those 
service descriptions are stored in 
the registry and are searchable. 

"Governance needs to be 
customized to each company," 
said Fremantle. "We are mak- 
ing sure people do the right 



thing, have the right processes 
in place and the right policies. 
Governance is people, policies 
and processes." 

Other features new to this 
release include service discovery, 
impact analysis, versioning, and 
automatic metadata extraction. 

Governance Registry also 
uses business rules to send e- 
mail notifications to managers 
for tracking service changes. 
Previously, changes could only 
be tracked via ATOM or RSS 
feeds. A dashboard monitors ser- 
vices at runtime and design time. 

Lastly, WS02 has added the 
ability to manage remote reg- 
istries within an organization. 
Organizations may not initially 
agree on policies and approach- 
es, but they need a registry to 
make their projects run, Fre- 
mantle explained. By federating, 
enterprises can consolidate pro- 
ject infrastructure with a more 
centralized approach and man- 
age departmental registries in 
coordinated and synchronized 
ways, he said. I 



Xceed delivers a pair 
of Silverlight 3 controls 



BY DAVID WORTHINGTON 

.NET component maker Xceed 
is porting a suite of controls, 
including its flagship data grid, 
to Silverlight 3, and it is prepar- 
ing an updated Windows Pre- 
sentation Foundation (WPF) 
grid control. Both will be 
released this month. 

The two products are Real- 
Time Zip and Xceed Upload 
for Silverlight 3. A Silverlight 
3-based data grid is scheduled 
to ship in March 2010, said 
vice president of R&D Odi 
Kosmatos. 

Real-Time Zip adds archiv- 
ing capabilities to Silverlight 
applications, without requiring 
any temporary storage. It offers 
file compression and has UTF- 
8 (Unicode) for multilingual 
filename support, he said. 

Upload for Silverlight 3 
enables developers to add 
end-user upload capabilities 
to Web pages and Silverlight 
applications. It uses HTTP to 
upload files, and it can upload 
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Xceed Upload is a Silverlight control that can be used to send files. 



large files without a Web serv- 
er plug-in, said Kosmatos. 

Xceed's Silverlight 3 data 
grid is being designed for cross- 
platform performance on Mac 
OS X and Windows, Kosmatos 
said. The company will share 



more specific details as its 
release date approaches. 

Meanwhile, a new edition of 
Xceed's DataGrid for WPF will 
implement smooth scrolling, so 
data moves fluidly up or down a 
page on screen. I 
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ComponentOne prepares Silverlight 3 
controls intended for business apps 



BY DAVID WORTHINGTON 

.NET control maker Compo- 
nentOne's Studio Enterprise 
2009 v2, its second major release 
wave of the year, includes Sil- 
verlight 3 controls for construct- 
ing line-of-business applications. 

Studio Enterprise 2009 v2 
was made generally available on 
July 21. Aside from its new Sil- 
verlight controls, the suite 
broadens ASP.NET and Win- 
dows Presentation Foundation 
(WPF) component offerings. 

The Silverlight controls 
include a grid control that lead 
Silverlight developer Leo Ver- 
nazza said is focused on speed 
and customization. The grid 
provides smooth scrolling with- 
in large data sets, and it has an 
API for creating custom filters 
and modifying grid properties. 

The suite includes 25 differ- 
ent chart controls that have the 
same basic functionality as 
ComponentOnes existing con- 
trols, but are capable of richer 
visualizations due to Silverlight, 
he explained. 
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The ToolTip control gives developers a context-sensitive way to load and 
display HTML content in Web applications. 



A scheduler control imports 
calendar information from 
Apples iCal application as well 
as from XML files. It can also 
bind to data sets regardless of 
whether they are strongly typed 
(when a type is assigned to a 
database column) or not, said 
Vernazza. Silverlight's default 
only permits strongly typed 
data sets, he noted. 

An end-to-end document 
workflow is provided. A rich 
text control features syntax 
highlighting and shows HTML 



through a parser. A spell check- 
er is also included, in addition 
to a print control that previews 
HTML data content for brows- 
er-based printing. 

New ASP.NET controls pro- 
vide designers for form creation 
and editing visual styles, along 
with a combo box, a progress 
bar and a tool tip bar. 

The expanded WPF controls 
are focused on customizing text 
boxes, improving navigation, and 
adding capabilities that are more 
granular for gauge controls. I 



Embarcadero adds 
multi-touch to RAD tools 



BY DAVID WORTHINGTON 

Database and software devel- 
opment tool maker Embar- 
cadero will fully support the 
Windows 7 API and multi- 
touch technology in upcoming 
versions of its rapid application 
development (RAD) products. 

Embarcadero s C++Builder, 
a RAD C++ development envi- 
ronment for Windows, along 
with the Delphi RAD Visual 
development environment for 
Windows software and database 
applications, will have inter- 
faces to work with the APIs, 
said David Intersimone, the 
company's vice president of 
developer relations and chief 
evangelist. 

Both products will have a 
gesture management compo- 
nent for Windows 7 that will 
abstract out its multi-touch 
capabilities from the Windows 
API to make it easier for devel- 
opers to use those features in 
their applications, he said. 

"Developers drop it down 
on any form in an application, 



and it becomes gesture- 
enabled. They just set proper- 
ties and hook on the gesture 
event that takes place," Intersi- 
mone said. Developers can 
also create custom gestures to 
override predefined ones, he 
added. 

The gesture manager also 
supports single touch for older 
touch-based systems, such as 
kiosk screens, and can use a 
standard mouse instead of a 
finger. Older touch-based sys- 
tems lack Windows 7 s touch- 
screen technology and treat 
gestures as mouse input, he 
explained. 

Microsoft released Windows 
7 to manufacturing on July 22. 
Embarcadero must wait until 
Microsoft finalizes the Win- 
dows 7 software development 
kit before it can finalize its 
products, Intersimone said. 
The SDK usually ships a few 
weeks after Windows goes 
RTM, he added. He would not 
provide a timeframe for the 
products' availability. I 
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CX/Q A f P Sybase delivers mission-critical enterprise soft- 
3 I D/A3C ware to manage, analyze and mobilize infor- 
mation. Its database solutions are recognized glob- 
ally as a performance leader, proven in the most data-intensive 
industries and across all systems, networks and devices. Sybase 
was named to the 2009 SD Times 1 00. 

"Our customers and partners rely on us for high-performance 

transaction processing, fast analytics on large data volumes, and 

mobility solutions that make data securely available anywhere 

anytime," says Sumit Kundu, Senior Director, Product 

Management and Marketing for Sybase. "The world's most 

critical data in finance, government, healthcare and telco 

run on Sybase." 

Sybase provides three key database offerings: 

Sybase Adaptive Server Enterprise (ASE) is a high- 
performance database for high-transaction, mission- 
critical environments. ASE has long been noted 
for its reliability, low total cost of ownership and 
superior performance. 

SQL Anywhere provides relational data- 
base and synchronization technologies that 
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don't require regular on-site IT maintenance. It offers enterprise- 
strength features in a database that's easily embedded and wide- 
ly deployed in server, desktop, remote office and mobile appli- 
cations. 

Sybase IQ delivers fast results for mission-critical business intel- 
ligence, data warehousing analytics, and reporting solutions. 
Sybase IQ combines speed and agility with low total cost of own- 
ership, letting enterprises perform analysis and reporting that 
was previously impossible, impractical or cost prohibitive. 

Kundu explains that Sybase ASE benefits managers by sup- 
porting business growth, reducing corporate risk and improving 
IT efficiency. With SQL Anywhere, development, testing and sup- 
port costs go down because the database is highly automated, 
requires few resources and is hidden from end users. You only 
have to support one database to get to a wide range of deploy- 
ment platforms. Sybase IQ helps business managers get results by 
addressing difficult questions quickly so they can take action fast. 

"Sybase is a company you can trust," Kundu says. "We've 
delivered proven solutions to hundreds of thousands of customers 
and users over the last 25 years. The value of our products is 
the best in the industry." * 



Sybase 



www.sybase.com 
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Slin reaches 27 years of shining through 



end of its days 



< continued from page 1 

the company's slim market lead 
was lost. 

"Sun was probably the great- 
est corporate navel-gazer in his- 
tory," said Roth. "By that I 
mean they truly believed in 
their own abilities and their 
own manifest destiny. At the 
end of the day, Sun was killed 
by hubris, the hubris that says, 
1 can make a profitable compa- 
ny spending twice as much on 
overhead as I do on research 
and development.' 

"The management at Sun 
was consistently like the crow 
that gets attracted by the 
shiny object," said Roth. "I will 
admit to having participated 
in some of that in my time 
there. But had they stuck to 
making great hardware and 
focusing on developers and 
developer tools, they'd be a 
different company today. I 
think hardcore businesspeople 
will run the business a little 
differently." 



One project that failed to 
live up to its potential is 
OpenOffice.org. Originally 
acquired for around $27 mil- 
lion from a German company, 
Roth estimated that Sun spent 
around $10 million a year on 
the project after it was 
acquired. Yet even when giv- 
ing away this productivity suite 
for free, Microsoft remained 
firmly entrenched as the mar- 
ket leader. Microsoft, though, 
was able to grab huge portions 
of market share when it gave 
away its Web browser for free 
in the late 1990s. 

"I think it is a perfect mani- 
festation of the ongoing 
dichotomy and struggle that is 
Sun Microsystems," said Jay 
Lyman, analyst with the 451 
Group, adding that it played to 
a fundamental problem at Sun's 
very core. 

"There's always been the 
question, Ts Sun a software or a 
hardware company?' " said 
Lyman. "As one has improved, 



Sun Microsystems' acquisition by Oracle ends a 27-year history that coincided with the evolution of the desktop 
computer, the Internet and mainstream Unix. Here's a look back at the significant events in Sun's history. 
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1986 



1982 

Stanford University Networks 
Microsystems is founded by Andy 
Bechtolsheim, Bill Joy, Vinod Khosla 
and Scott McNealy. It releases its first 
Unix workstation, the Sun-1. 



% 



1988 



Sun develops and introduces the 
Solaris operating system, retiring 
the SunOS in the process. 
1991 



1987 

Sun switches to 
the SPARC processor, 
which it developed, 
for the Sun-4 
workstation. 



1989 

Sun introduces 
SPARCStation 1, 
a desktop 
workstation. 



soians 




Kholsa Joy Bechtolsheim McNealy 

the other has become more of 
an issue. That's where we find 
ourselves last year. While they 
improved their approach with 
open-source software and 
developers, they struggled with 
execution and maybe even 
overall identity as a company." 

Other software efforts were 
similarly ineffective in the mar- 




1992 

The SPARCStation 

10 is released, the 

company's first 

desktop 

multiprocessor 

workstation. 



ketplace. Roth said that Sun's 
Java groups were rarely prof- 
itable. 

HOLLOW AT ITS CORE 

In 1997, Roman Stanek found- 
ed a Czech company to com- 
mercialize NetBeans, which 
was created as a student pro- 
ject at Charles University in 



Prague, Czech Republic. Two 
years later, it was acquired by 
Sun and released as open- 
source software. Stanek said he 
believes Sun failed to capital- 
ize on the technology and ulti- 
mately lost its leading position 
as an open-source developer 
community to IBM's open- 
source release of Eclipse. 
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SPARX SYSTEMS 




Sparx Systems' flagship product, Enterprise 
Architect, has received numerous accolades 
since its commercial release in August 
2000— and now, the company has been named to the 2009 
SD Times 1 00. At version 7.5, Enterprise Architect is the design 
tool of choice nearly 200,000 registered users worldwide. 

"Enterprise Architect 7.5 is a collaborative modeling, 
design and management platform based on UML 2.1 and 
related standards/' says Sam Mancarella, Chief Technology 
Officer for Sparx Systems. "It leverages the full expressive 
power of UML 2.1 to model, design, build and analyze 
a diverse range of systems, software, processes and archi- 
tectures." 

Enterprise Architect provides essential tools for busi- 
ness analysts, architects and developers alike. You 
can use Enterprise Architect to forward-generate 
structural code and reverse-engineer handwritten 
code back into the shared model. You can also 
use UML Statecharts, Activity Diagrams, 
Sequence Diagrams and Business Rules to 
produce executable code for Java, .NET or 



BPEL. This capability not only lets you deliver solutions through 
the shared model, it also keeps all team members and stake- 
holders up to date with a project's progression and execution 
in accordance with requirements. 

By specifying complex architectures and their characteristics 
using SysML, system architects create understandings of the 
"complete picture" of their complex, large-scale solutions— from 
the bird's-eye view down to the finest subsystem detail. 

Traceable, accurate and comprehensive UML-based models 
are key features of Enterprise Architect. They help you spend 
more time delivering value— and less on ancillary tasks. Its ease 
of use, built-in collaboration, and teamwork and tracking fea- 
tures ensure that projects remain governed and in control. 

"We specialize in high-performance and scalable visual mod- 
eling tools for planning, designing and construction of software- 
intensive systems," Mancarella says. "With customers ranging 
from aerospace and automotive engineering to finance, defense, 
government, entertainment and telecommunications, Sparx 
Systems is a leading vendor of innovative solutions based on 
UML, and we are committed to realizing the potential of mod- 
el-driven development based on open standards." * 
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Java is publicly 
announced; Netscape 
simultaneously 
announces that it will 
support the language 
for its browser. 

1995 



Java 2 is released. 
Java as we know it 
today is based 
on this version. 

1998 



With online businesses 
collapsing, demand for 
Sun's products, 
particularly its hardware, 
dropped, drastically 
cutting Sun's revenues. 
2001 




Sun attempts to rebuild some 
brand awareness by changing 
its ticker name to JAVA. 
Despite that, it is forced to 
lay off thousands of employees. 
2007 
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1994 

Java, a programming language 
under development by Sun, 
is refocused to work on the 
emerging World Wide Web. 
Sun's systems are used 
by the 1994 FIFA World Cup 
and for retrofitting the 
Golden Gate Bridge. 



1996 

Sun's Jon Bosak 
begins leading a 
W3C team to 
develop XML. 



2000 

Sun's stock price hits a 
high of over US$250 per 
share, its all-time peak. 
The dot-com bubble would 
burst shortly afterwards. 
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Bosack 



Part of the problem, Stanek 
said, is that Sun as a technology 
company did not have a core 
business that could be counted 
on year in and year out to main- 
tain revenue levels. 

For example, in one year, 
said Stanek, servers based on 
Sun's SPARC microprocessors 
could have been popular, but 



the next year, customers might 
want Dell servers based on 
newer Intel chips. While other 
"big-iron" companies like 
Hewlett-Packard and IBM 
were also subject to such winds 
of change, they could fall back 
onto core business services for 
dependable revenue. 

Focusing on business prof- 



2005 

Sun acguires 
StorageTek for 
$4 billion. It also 
introduces the Sun 
Grid. The company 
briefly reports some 
profitability, but 
those profits vanish 
and the company's 
assets continue to 
drain away. 



itability and stability was sup- 
posed to be a core goal of the 
Jonathan Schwartz era. 
Schwartz came to Sun in 1996 
when it acquired his company, 
Lighthouse Design, and 
became Sun's president in 
2004. But when he took the 
job of CEO in 2006, Schwartz 
talked more about changing 



2006 

McNealy, Sun's CEO 
and chairman, steps 
down as CEO. 
Jonathan Schwartz 
takes over as CEO. 
Sun open-sources 
Java under the GPL. 




2008 

Sun acguires MySQL 
AB for $1 billion. 
The acguisition, 
much like everything 
else Sun has 
attempted, fails 
to generate 
sufficient revenues. 



Schwartz 



the world with cell phones and 
raising revenues from existing 
business units than about 
turning Sun into a services 
company. 

Though Schwartz's vision for 
Sun was one of giving away 
open-source software and sell- 
ing service and support, the 
company was unable to fully 



2009 

IBM expresses interest 
in acquiring Sun, starting 
a round of negotiations. 
When initial negotiations 
prove fruitless, Oracle 
(and possibly Hewlett- 
Packard) expressed their 
own interest in Sun. 
Eventually, Sun's board 
would agree to be 
purchased by Oracle. 



execute on that and build a suc- 
cessful services division. 

Oracle now gets to pick up 
the pieces. Perhaps it will try to 
make Java and Solaris prof- 
itable, or simply let some of 
these pieces wither on the vine 
and die — much like Sun's for- 
mer executives did to the once- 
bright company. I 
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COLLABNET 




The CollabNet platform, TeamForge, inte- 
grates development tools such as software 
configuration and change management with 
application life cycle management. By centralizing the manage- 
ment and security of users, projects, processes and assets, 
TeamForge dramatically reduces costs, increases productivity 
and improves project visibility. CollabNet was named to the 2009 
SD Times 100. 

'TeamForge has the unique ability to support software devel- 
opment by agile, collaborative and distributed project teams/' 
says Rosie Pongracz, Director of Product Marketing for 
CollabNet. "The latest release, TeamForge 5.2, transforms 
the way organizations develop software, increasing pro- 
ductivity and reducing infrastructure costs by leveraging 
the cloud/' 

TeamForge lets you easily associate, or link togeth- 
er, any objects in the system to simplify knowledge 
sharing and provide traceability throughout the 
life cycle. For example, a discussion post 
regarding a customer problem could be linked 
to a document specifying the feature require- 
ment, an issue created to track the defect, the 
source code commits that fix the issue, and 
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the release that contains the fix. Associations let development 
organizations improve information sharing, capture institutional 
knowledge and simplify regulatory compliance. 

The latest release enables software development in the cloud 
with integrated lab management capability for continuous 
build/test and server provisioning. 

CollabNet helps enterprises integrate the best open-source 
software development practices into their commercial develop- 
ment processes for collaboration and transparency. The compa- 
ny offers the only ALM platform that is technology, tool and 
methodology independent. 

As the company behind Subversion, the industry-leading SCM 
and one of the most successful open-source projects in history, 
CollabNet knows how to foster collaboration and leverage dis- 
tributed talent. CollabNet Subversion is an enterprise-ready 
distribution of Subversion that includes certified binaries, plat- 
form-specific installers, certified plug-ins for other tools, and enter- 
prise-ready add-ons. More than 1.8 million users depend on 
CollabNet to manage their distributed software projects. 

"Collaboration is in our DNA," Pongracz says. "And, unlike 
other vendors that have cobbled together an ALM offering from 
point-solution tools, we built TeamForge from the ground up to 
enable a culture of collaboration." * 



COLLABNET 

Where Subversion® Meets the Enterprise. 

www.collabnet.com 
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Software Development Conference, 

more than 70 classes and workshops. 



The better the job you and your developer teams do, the better your 
company can compete, satisfy customers and thrive in today's economy. 
But with the tremendous number of platforms and ever-changing 
requirements, enterprise software development is more challenging 
than ever before. That's where the Enterprise Software Development 
Conference can help! 



STUDY with the industry's top faculty - all 
software development experts who will 
enlighten and inspire you. 

LEARN from more than 70 workshops and 
technical classes at ESDC - and stay on the 
forefront of software development. 



SHARPEN your skills across the entire 
software development life cycle, from 
requirements and modeling, to architecture 
and programming, to quality assurance, 
deployment and maintenance. 

MASTER the latest agile development 
practices and learn how to build better 
software, faster and more effectively. 



Attend ESDC and walk away with knowledge and skills 
that you can put to work immediately. 



Why ESDC is the ONE conference 
you should attend in 2010: 



You'll receive practical training on 
every aspect of enterprise software 
development. No ideologies, no 
religious wars: 100% practical knowledge. 

Get a balanced view of all development 
methodologies, including traditional 
methods and the fast-evolving world 
of agile development, so you can see 
what's best for your organization. 



Every workshop and technical class 
you'll attend at ESDC is tied to real-world 
enterprise development - techniques that 
are proven to work today. 

You'll walk away with ideas, skills 
and knowledge that you can apply 
immediately - no matter your 
development methodology. 
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Government target for open source 



< continued from page 1 

Castagnetti to represent it. Tom 
Rabon, executive vice president 
of corporate affairs for Red Hat 
and campaign spokesperson for 
OS A, denied that it is a lobbying 
effort, for now. 

"It could evolve over time 
into really getting more 
involved in lobbying," said 
Rabon. "For now, job one is to 
help educate U.S. government 
decision-makers about using 
open source." 

"Open-source software can 
help deliver improved govern- 
ment service — plain and sim- 
ple — and the administration 



recognizes this more than any 
in our nation's history," said 
David Thomas, principal with 
Mehlman Vogel Castagnetti. 

Rabon said the effort grew 
out of discussions between Red 
Hat and Sun. He outlined the 
coalition's early plans: 

"First of all, we're going to 
have a D.C. presence. One of 
our early projects will be to take 
a serious look at just how much 
open source is deployed in the 
federal government and where 
it is deployed. We're going to 
use that as a benchmark. We 
also want to provide an oppor- 
tunity for people to be able to 



come to Washington and talk 
about open source and why it's 
important for our country and 
how it helps to create jobs back 
in [Congressional] districts." 

The group's members 
include Debian, Google, 
Jasperspoft, Mozilla, Spring- 
Source, and more than 50 other 
companies, individuals and 
institutions. 

The effort to expand open- 
source usage in American gov- 
ernment could dovetail with 
existing efforts to curb govern- 
ment IT spending. Peter Vescu- 
so, executive vice president of 
marketing and business develop- 



ment at IP rights management 
software maker Black Duck, said 
that the current federal budget 
for software is quite high. 

"IDC's current estimate for 
federal government software 
spending is US$7.8 billion," he 
said. "Spending on services is 
typically twice that. Our experi- 
ence tells us that 10 to 15% of 
that spending is redundant with 
existing open-source software. 
[About] $1.2 billion of that 
spending could be offset with 
open source." 

Black Duck is a founding 
member of OSA, and Vescuso 
said that this is the perfect time 



to form such a group. 

"One of the reasons why this 
group was formed is people 
were optimistic about change," 
he said. "With different people 
in charge of these things in the 
government now, it's not just a 
window of opportunity, it's a 
significant inflection point in 
time. Gartner's talked a lot 
about the federal government 
looking to cut back 10% to 15% 
in operations spending when it 
comes to IT." 

That 10% to 15% reduction 
could come just from a shift to 
open-source alternatives, he 
said. I 



Kuhn: Microsoft was in violation of GPL 



BY DAVID WORTHINGTON 

Microsoft violated the General 
Public License v2 when it dis- 
tributed its Hyper-V Linux 
Integration Components (Lin- 
uxIC) without providing source 
code, said the Software Free- 
dom Law Center. 

The violation was rectified 
when Microsoft contributed 
over 20,000 lines of source code 
to the Linux community in July. 
The drivers are designed to 
improve the performance of the 
Linux operating system when it 
is virtualized on the Windows 
Server 2008 Hyper-V hypervi- 
sor-based virtualization system. 

Microsoft's Sam Ramji, 
senior director of platform 
strategy, said that the question 
of whether Microsoft had vio- 
lated the GPL was a decision 
best left to the community. 

Linux kernel driver team 
leader Greg Kroah-Hartman 
was tipped off by Linux contrib- 
utor Stephen Hemminger 
about the violation, and then 
informed Microsoft about it in 
March, said Ramji. 

But, he said, Microsoft was 
going to release the code under 
the GPL anyway. 

"Hank Janssen [a Microsoft 
engineer] came up with the idea 
of submitting the code to the 
kernel months before Greg con- 
tacted us," he said. "We built a 
plan based on the value of sup- 
porting as many Linux distros as 
possible." 

Microsoft did not make its 
decision based on any per- 
ceived obligation, Ramji said. 
"We considered a range of 
options, and GPLv2 was the 




'The important thing to note from a perspective of 
freedom is that this software— whether it is 
released properly under the GPL or kept proprietary 
in violation of the GPL— is a piece of software 
designed to convince people to give up free virtual- 
ization platforms like Xen and KVM and [to] use 
Microsoft's virtualization technology instead/ 

—Bradley Kuhn, tech director at the SFLC 



best because it is the license the 
community used." 

"That talk [regarding the 
release of the source before 
Linux developers began enforc- 
ing the GPL] doesn't mean that 
there wasn't a problem," said 
Bradley Kuhn, policy analyst 
and tech director at the SFLC. 
"As soon as one distributes the 
binaries of a GPL'd work, one 
must provide the source for 
those binaries, [and] so Micro- 
soft's delay in this regard was a 



GPL violation. 

"The important thing to note 
from a perspective of freedom 
is that this software, whether it 
is released properly under the 
GPL or kept proprietary in vio- 
lation of the GPL, is a piece of 
software designed to convince 
people to give up free virtual- 
ization platforms like Xen and 
KVM, and [to] use Microsoft's 
virtualization technology 

instead," he added. 

A spokesperson for Kroah- 



Hartman said that the licensing 
issue played a role in his collabo- 
ration with Microsoft. "Once the 
licensing issue was indicated to 
Microsoft, they moved forward 
with the process of releasing the 
code," the spokesperson said. 

Kuhn credited the commu- 
nity for using a "friendly" strat- 
egy to enforce GPL by quietly 
working with Microsoft to 
inform it of its obligations and 
by helping it into compliance. 

"Greg's coaching on how to 



get it contributed was invalu- 
able, but it was not the original 
driver of our plan or decision," 
said Ramji. 

Ramji said Microsoft will not 
charge a royalty or assert any 
patent rights covering the dri- 
ver code it is contributing. 

WORKING WITH 'ANY LICENSE' 

When asked to explain Micro- 
soft's sudden turnabout on the 
GPL, which CEO Steve 
Ballmer referred to as a "can- 
cer" in 2001, Ramji stated that 
the company's experience with 
LinuxIC helped it understand 
how Linux contributions work, 
its obligations under GPL, and 
how a license can "enable a 
community to build a standard 
set of practices to make what 
they want to be done easier." 

Kroah-Hartman said that a 
certain amount of "education" 
happened during his work with 
Microsoft. "Linux kernel devel- 
opers have been saying for years 
that this [the GPL] is the license 
that you need, and Microsoft is 
validating this," he said. I 



Microsoft opens LinuxIC code 



< continued from page 1 

Jeffrey Hammond, a principal 
Forrester analyst. "It has found 
that in order for Hyper-V to be 
competitive, they need to sup- 
port Linux well. The whole 
thing is indicative of Microsoft's 
pragmatic attitude toward open 
source: They can't get rid of it, 
so they might as well make 
money off of it." 

Microsoft acknowledges that 
heterogeneity in the enterprise 
is a business reality, according 
to Ramji. "Interoperability is a 



lever for growth," and open 
source is becoming part of the 
engineering DNA at Microsoft, 
he added, referencing the par- 
ticipation of Mike Neil, general 
manager of virtualization strate- 
gy in the Windows Server, in 
the LinuxIC project. 

Neil was a software engineer 
at Connectix, a company that 
created virtualization solutions 
for Linux. Microsoft acquired 
Connectix in 2003, obtaining 
the Virtual PC technology. "Our 



engineering culture is 



ltu 



chang 



ing," Ramji said. 

Microsoft is participating in 
Snakebite, said Ramji, which is 
a collaborative development 
network that helps Python 
developers create cross-plat- 
form open-source projects. 

Microsoft is willing to take 
into consideration any license 
when its business and develop- 
ment community asks it to par- 
ticipate in an open-source pro- 
ject. "If we are asked to make a 
repeatable contribution, we'll 
consider it." 



However, when asked 
whether that would include 
GPLv3, the newest edition of 
the GPL license, he did not 
answer directly, instead stating 
that Microsoft would "pragmat- 
ically take anything into consid- 
eration." 

"If you had asked me 
whether they would use GPLv2, 
I might have said that would be 
a bridge too far," said Ham- 
mond. "It is at a really different 
place from five years ago when 
Ballmer said [Linux licensed 
with the GPL] was a cancer." 

Microsoft's contribution 
under GPLv2 is a "big deal," he 
concluded. I 
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nietncs is key in increasin 
complex software development 




Tf the software development pro- 
cess weren't buoyed by testing and 
quality assurance metrics, there 
would be a great deal of guesswork 
taking place. 
It would be like a symphony 
orchestra getting up on a stage without a 
single sheet of music and trying to play 
Bach or Beethoven. 

Only with software, the symphony is 
getting more complex each year. With a 
constantly evolving software develop- 
ment process that includes different 
IDEs, systems integrations and a seem- 



ingly endless stream of new I by JEFF 

features, it can be difficult to 

maintain a sense of the values behind 

metrics. 

According to multiple testing and 
quality assurance software providers, 
good metrics should provide adequate 
information on a defects effect on the 
overall costs of producing the software 
or the likelihood of the application fail- 
ing. Good metrics should also offer an 
idea of how compliant a developer is 
with industry standards or how secure a 
developers code is. 



FEINMAN I Bill Curtis, senior vice presi- 
dent and chief scientist for 
application management company Cast 
Software, agreed that one of the most 
important metrics of an application's 
health in the long term is the percentage 
of defects detected before a developer 
gets to test. 

"That's the best prediction of long- 
term improvement in the quality of your 
software. Defects cost much less to fix in 
the design and coding phase than in test- 
ing, and the earlier defects are found, 
the cheaper they are to fix," he said. 



Chris Wysopal, cofounder and CTO 
of Veracode, said that while things like 
authorization problems can certainly be 
tested for in the final build or when an 
application is deployed, the cost to fix 
those problems is very expensive. 

"The best time to look for authoriza- 
tion problems is at design time," 
Wysopal said. "At that time, you can do 
threat modeling, which is inspection 
more than testing. Then you have 
defects that show up when you're writ- 
ing the code, like buffer overflow, and 
continued on page 24 ► 
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that could be found by static analysis at 
code design time." 

Threat modeling is the process of 
assessing and describing what attacks a 
piece of software is vulnerable to in 
order to eradicate potential threats. 

KEY METRICS 

As developers test as early as possible in 
the application life cycle, what are the 
main metrics around software quality 
that they should be aware of? Should 
they be eying statement coverage? Cost 
per defect? 

Code coverage, a measure that 
describes the degree to which an appli- 
cation's source code has been tested, is a 
time-honored metric that still holds a lot 
of weight among QA professionals. How- 
ever, it can paint an incomplete picture 
in connected systems, an expert says. 

"Code coverage is meant to give a 
comfort level that you've exercised the 
various bits of code," said Mark Sar- 
biewski, Hewlett-Packard's senior direc- 
tor of products. "It's an interesting met- 
ric from the angle of security. Code 
coverage tells you something about the 
attack surface of an application. It might 
tell you about backdoors and weakness- 
es that wouldn't be exposed if you treat- 
ed it like a black box." 

Code coverage, though, can be an 
incomplete metric because of the many 
approaches that developers can take to 
build software programs, he said. In 
some cases, developers compose appli- 
cations where they are utilizing services 
without having access to any source 
code, and it has become common for 
software to be integrated with other sys- 
tems, he added. Developers need to 
know about the code in order to do 
proper code coverage, he said. 

Brian Chess, founder and chief scien- 
tist of Fortify Software, agreed that code 
coverage has value in security scenarios, 
and he said code coverage is good for 
directing testing. Statement coverage, 
which is part of the code coverage crite- 
ria that asks if each line of source code 
has been tested, is "really good for 
telling you things, like when your tests 
haven't even turned on half of the appli- 
cation yet," he said. 

Naturally, another important quality 
measurement is cost per defect, as it 
involves an organization's bottom line. 
Chess said he has commonly heard sto- 
ries for more than a decade about the 
cost to fix defects when a developer is 
coding versus after they've released to 
production. 

"When you try to do that yourself, 
you find out it's difficult to do a con- 
trolled experiment where you have a 
large enough sample of defects," Chess 
said. "And people have kept track of how 




much time and money they spent fixing 
those defects to reproduce those." 

Veracode's Wysopal said the impact of 
cost per defect is based on the type of 
defect found and the point in the life 
cycle where it's found. Certain defects, 
like authorization problems, are found 
late in the process and are very expensive, 
as a developer has to rethink the design of 
his or her authorization scheme. But 
something like integer overflow, on the 
other hand, can be very easy to fix, 
because the solution merely involves 
inserting one or two lines of code. 

FINDING THE ORIGIN OF DEFECTS 

A defect may be more than it seems. 
Oftentimes, defects are a window into 
chronic development problems. 

When it comes to metrics, Fortify s 
Chess said that it is always important to 
understand where bugs and failures are 
coming from and what sort of bugs 
developers are writing. 

For instance, if buffer overflow is the 
mistake people are making over and over 
again, a manager might want to consider 
moving to a set of libraries that can elimi- 
nate that problem. "I think there are real- 
ly some interesting things you can do by 
keeping track of the kinds of defects 
you're finding in your code," Chess said. 

The origin of defects could also trace 
back to design time. Mark Eshelby, 
director of product management for 
Micro Focus, which acquired Com- 
puware's quality software line in May, 
said defects introduced in requirements 
and found by end users cost the most to 
fix. At the same time, a requirement 
defect found and corrected in require- 
ments costs the least to fix. 

"Defects are bad, but defects in 
critical business requirements or goals 
are really bad," Eshelby said. "The 
mainstay metrics of any testing and 
development organization are typically 
defect metrics. For many organiza- 
tions, this is their only metric, but 
defect metrics by themselves do not 
provide an accurate assessment of 
application quality. It's important to 
look at the defect metrics from the per- 



spective of the [business] questions 
you are trying to answer." 

Opposite from requirements in the 
life cycle is mean time to failure, which 
looks at the speed and frequency of fail- 
ures after an organization decides to run 
an application. Mean time to failure 
takes into account under what circum- 
stances a program fails and where in the 
SDL there failure took place. 

"Those are variants of the post-release 
issues that we think are hugely important 
metrics to understand," HP's Sarbiewski 
said. "Connected with that is finding out 
the nature of the defect. Is it require- 
ments, design or strictly a coding defect?" 

Sarbiewski said mean time to failure 
works on two angles for HP internally, 
both on a functional level and perfor- 
mance level. Mean time to failure can 
show if something isn't functioning cor- 
rectly and causes failure, and if an appli- 
cation crashes due to load. 

In addition to metrics such as mean 
time to failure and cost per defect, a 
good way to mark improvements in soft- 
ware quality, according to Cast's Curtis, 
is by looking at defect density, or defects 
per function point. "You can benchmark 
against it," he said. But it is not a fool- 
proof metric. 

The potential problem with that is 
when someone is comparing against test 
cases, they're limited by what the peo- 
ple who wrote the test cases knew about 
the system requirements, Curtis added. 
If there are things the test case writers 
didn't understand within the require- 
ments, a tester won't get the right 
cases and will have prob- 
lems within the code. 

"The best measure ulti- 
mately is looking at only 
defect density and opera- 
tion," he said. "'Given the 
first six months of operation, 
what did we see?' That's get- 
ting a good idea of how effec- 
tive we were at removing 
defects before we went into the 
field. 

"I'd want to see well over 
90% of the defects captured 



are 



QA 



before I get into test, and I'd want to see 
98-99% or higher captured before we go 
into operation." 

Indeed, today's metrics have made it 
possible for developers to eradicate 
more defects before code is shipped to 
the end user. 

QUALITY METRICS, QUALITY CODE 

There's been a lot of progress in quality 
metrics, said Curtis. He also said he sees 
improvements in measuring the structur- 
al aspects of code to determine if it has 
flaws that could lead to problems later on. 

With that, Cast focuses on determin- 
ing if an application is high quality so 
that an organization's cost of ownership 
remains low. 

"[Quality metrics] are a whole new set 
of metrics different from test coverage or 
defects per line of code that really look at 
the nonfunctional aspects of the system: 
the structural aspects, the engineering 
aspects, the architectural aspects," Curtis 
said. "And [they] begin to evaluate 
whether this is a good system or one that's 
teetering on its last legs." 

David Bressler, a product evangelist 
with Progress Software, said an impor- 
tant thing to keep in mind while testing 
is the ability to seamlessly fix a problem 
and quickly create a policy around it so it 
doesn't happen again. This will help 
improve the quality of future develop- 
ment, he said. 

Chris Kraus, a product manager with 
iTKO, meanwhile, said that people are 
getting more progressive in the way 
they're thinking about the quality of an 
application, because the way they're 
building applications is changing. 

"With multi-tiered, multi-layer, inte- 
grated environments, QA is now mea- 
suring multiple things," he said. 
"They're now looking at making sure 
systems are integrating properly and 
business logic is working properly, so the 
number of things they're measuring is 
increasing because quality is having to 
adapt to changes in application writing." 

Some of the things developers are 

checking with more complex applica- 

continued on page 26 ► 
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< continued from page 24 

tions and environments include system 
integration tests and user acceptance 
tests, which involve a product owner or 
client giving approval to a modification 
or addition to the system, Kraus added. 
Quality can also mean compliance with 
best practices and guidelines, which 
change how efficiency is measured. 

METRICS FOR MEASURING COMPLIANCE 

Bressler said that the main metrics in his 
eyes are the "number of rules per poli- 
cy" or "per standard." Metrics like those 
give an idea of how compliant a devel- 
oper is with coding practices from orga- 
nizations like the WSI (Web Services 
Interoperability) organization, which 
promotes Web service interoperability 
across platforms, operating systems and 
programming languages. 

"That could show up as the number 
of errors or a percentage of the overall 
spec, but there are metrics that are 
a bit harder to measure in terms of 
developer productivity," Bressler said. 
"You have metrics in two different 
dimensions: metrics that focus on how 
compliant developers are, and metrics 
on how successful they are as a software 
developer." 

Compliance doesn't always align with 




a developers work to an organizations 
guidelines, like the WSI. ICSA Labs, an 
independent division of Verizon Busi- 
ness, sets guidelines for commercial 
security products and specializes in 
research and certification testing for 
security. ICSA Labs works with product 
developers to create a set of standards 
and requirements for security. 

"Those cover everything from docu- 
mentation on the product to something 
as simple as the completeness of that 
documentation," said George Japak, 
managing director of ICSA Labs. "It's 
amazing as to how there's a disconnect in 
the documentation that developers pool 



together, and it's not necessarily in sync 
when the product goes to market." 

ICSA Labs reads a product's docu- 
mentation for completeness before the 
documentation and requirements are 
used to configure the product. Japak 
said that in many cases, the documenta- 
tion doesn't map correctly to the prod- 
uct and the functionality, or it'll even ref- 
erence functionality in the product that 
doesn't even exist anymore. 

WHAT METRICS MEAN TO YOUR ORG 

In today's software development 
process, there are two ways to look at 
application metrics, according to Vera- 



code's Wysopal. A development team 
can look at it from an organizational 
standpoint, understanding how effi- 
ciently an organization is working, or 
on an individual basis, drilling down to 
one piece of software and figuring out 
if there are too many defects in it. 

For example, Wysopal said that Ver- 
acode applies the Common Weakness 
Enumeration (CWE) to each defect 
found. The CWE is a community- 
developed list of software weakness 
types maintained by nonprofit technol- 
ogy organization MITRE to provide 
a common standard for describing 
security weaknesses in architecture and 
code. 

"If we find an integer overflow and 
label it with the CWE, right away I can 
track different classes and count how 
many defects I have in a particular 
class," Wysopal said. "But organiza- 
tionally, I can see what [defects] are 
skewed higher than they should be. I 
can then compare that to the industry 
average." 

A valuable metric, whether it is 
code coverage or defects per function 
point, is key to mastering a perfect 
symphony, free of slips and errors. 
That way, the entire process can 
remain in tune. I 
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DYNATRACE 




When evaluating application performance 
management products, perhaps the com- 
pelling solution is from dynaTrace— named 
to the 2009 SD Times 1 00. Their software, dynaTrace 3, moni- 
tors and diagnoses all transactions 24x7 and is used by all key 
contributors to application performance, including architects, 
developers, and test and production professionals. 

"dynaTrace 3 is more than a product/' says Bernd Greifender, 
dynaTrace's founder and CTO. "It's a single system targeted at 
the entire software development life cycle. Available in three 
editions, Development, Test Center and Production, it's the only 
system that provides consistent metrics and includes all 
features needed across the life cycle in a single solution/' 
dynaTrace 3 diagnoses and resolves the root cause 
of application performance issues in complex, dynam- 
ic environments such as multi-tiered, distributed 
applications; SOA and cloud-based applications; 
virtualized applications; and heterogeneous appli- 
cations built using Java and .NET. 

Because dynaTrace can trace every indi- 

(vidual transaction in complex environments at 
low overhead, it helps developers review 
individual production or other loaded trans- 



actions at code-level granularity, and see the transaction's full 
execution path, correlated with important contextual data like 
exceptions, bind variables, etc. 

Developers use dynaTrace for local performance management, 
integrated with build and test execution frameworks, so they can 
monitor performance during functional and continuous integra- 
tion testing. 

Architects and development/QA managers use dynaTrace 
to access performance dashboards that provide easily digestible 
data visualizations to monitor performance, and quickly dig into 
issues that are identified. 

Architects also use dynaTrace for validation— to visualize 
the true runtime behavior of individual transactions— so they can 
compare actual behavior to what was intended, preventing 
frustrating architectural issues from arising later in production 
when they're most expensive to resolve. 

"dynaTrace's system for Continuous APM across the life cycle 
has gained traction in the market quickly because it gives 
developers, their managers and architects what they need to 
succeed," Greifender says. "Just as importantly, it provides 
what everyone needs in a single solution, so that developers can 
work together with test and production in this new world of 
distributed complexity." * 



dynaTrace 

* software 
www.dynatrace.com 
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The weak link in most software development infrastructures is easy to spot: 
it's that bottleneck known as the build and test process. 

It's not just a technical issue; it's a business issue, because every hour spent manually scripting, dealing with 
homegrown tools, and waiting for "clean" builds to test is an hour that can't be spent on software innovation. 



Find out how Electric Cloud has streamlined and automated build and test processes for Qualcomm, 
Caterpillar, Intuit, and other leading enterprises— reducing annual development costs by as much 
as $2 million and enabling QA and development teams to focus on other things... like producing 
great software. 

Visitwww.electric-cloud.com to learn more. 
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the SharePoint Technology conference 
returns to San Francisco in 2010. 
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independent SharePoint conference 
of the year! 



SPTechCon features more than 
70 classes and workshops to teach 
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SharePoint, from content 
management to search to 
backup and much more! 
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■ An advanced user looking to 
master SharePoint? 

If you answered "yes" to any of 
these questions, then SPTechCon is 
for you! 




» " 1 



REGISTER by 

Sept. 4 for the 

EARLY BIRD RATE 






,££*£U3f«! 



&i 



sir 




For more information, go to 

www.sptechcon.com 




San Francisco 



February 10-12, 2010 • San Francisco, CA 
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"Excellent instructors and great course selection. 
This is a must-attend." 

Bob Walter, Systems Administrator, Porter Novelli 

"Awesome coverage of SharePoint. SPTechCon is a great 
place to learn and network with SharePoint Gurus." 

Devendra More, Associate Business Systems Analyst, CA Inc. 

"The conference was worth the price, and I would 
attend again." 

Jon Gebarowski, Web Development Manager, SeaChange Int'l 

"Lots of good stuff for various levels of SharePoint folks." 

Joel Dylhoff, Systems Architect, Ashley Furniture 
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FROM THE EDITORS 

Innovation is Sun s legacy 

Much has been written about the mishaps and missteps that led to 
the decline and fall of Sun Microsystems. At its height, it was a Sil- 
icon Valley powerhouse whose servers "put the dot in dot-com" nearly a 
decade ago. Today, the company is being acquired for a relatively paltry 
sum by Oracle. 

It's easy to take shots at where Sun fell short. Purchasing companies 
and failing to commercialize them, such as its acquisition of Cobalt Net- 
works. Spending a fortune on an open-source software without explain- 
ing the return on investment, like its US$1 billion buy of MySQL AB in 
early 2008. Stumbling in attempts to take leadership in Java application 
servers, a market that it invented — then lost. 

It's also easy to pin the blame on Jonathan Schwartz, who took over the 
reins as Sun's president in 2004, and became CEO in 2006. While SD 
Times has been critical of Schwartz, we also note that the company had 
been trending downward before his ascension — and he apparently had 
the company's cofounder and chairman, Scott McNealy, backing him up. 

Rather than take those shots, we'll pause for a moment and think about 
the genuine innovation that characterized this truly unique company. Sun 
had a profound impact on Silicon Valley and the entire computer indus- 
try. Its SPARC processor came to dominate the world of RISC-based 
servers and led the industry toward 64-bit computing. Sun's version of 
Unix, called Solaris, earned a reputation for stability and reliability, and 
introduced cutting-edge features like DTrace and ZFS. 

The Java language, invented at Sun, and the Java Virtual Machine gave 
the software development world its first commercially successful managed 
runtime environment. "Write Once, Run Anywhere," while never perfect- 
ly implemented by competing Java EE vendors, remains a compelling 
vision. The Java Community Process brought together many of those com- 
petitors and provided a successful forum for evolving the Java platform. 

Beyond Java, Sun impacted development with its purchase of Net- 
Beans and its decision to release the platform as open source. While lack- 
ing the market power of rival Eclipse, NetBeans is technologically sec- 
ond to nothing. 

While Sun's business mistakes caused many sighs, its spirit of creativ- 
ity was the envy of the entire computer industry. As Sun's intellectual 
property, as well as its assets and human capital, pass over to Oracle, we 
hope that the spirit of innovation will live on. 

The open-source lobby 

Open-source software should play a role in government. Open-source 
software can save taxpayers money (up to 15% of the U.S. govern- 
ment's IT budget, according to one estimate). Why should governments 
pay contractors to duplicate work that's already been done by open- 
source communities? It doesn't make sense. 

Well, yes it does, when you consider how governments procure soft- 
ware. Requirements are often shaped by lobbyists, which results in RFP 
(Request for Proposal) documents that are written to suit those lobbyists' 
clients. That's how government has worked for decades in buying every- 
thing, from applications to airplanes. 

For the most part, lobbyists work for big software companies and giant 
contractors. Thus, that's where the money flows. That's often bad for tax- 
payers, especially when there are less-expensive solutions available. 

To play successfully in government, open-source software needs more 
visibility and a voice in how government buys software. That means edu- 
cating agencies to ensure that open-source solutions can qualify for RFP 
bids, and also directly lobbying for open-source adoption. 

That's what the new Open Source for America organization promises. 
In theory, that's a good idea. What we're concerned about, however, is 
that the new coalition will merely lobby the government to buy products 
and services from its corporate sponsors. That would be a disservice to 
the open-source community and to taxpayers alike. I 
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HOW OFTEN DO YOU BUY A CAR? 

Some drivers turn in their cars every 
couple of years. Others drive them until 
the wheels come off. Others split the dif- 
ference, trading in every five or six years. 

Generally speaking, people change 
cars because something is wrong with 
the car that they have, or because their 
requirements have changed, or because 
they just want a different one. 

What about computers? People used 
to replace their computers because new 
ones had essential features that the old- 
er ones didn't have. 

The problem is that todays computer 
hardware and software is so darned good 
that the regular upgrade cycle has col- 
lapsed. Look at Microsoft's terrible finan- 
cial results, reported on July 23. You 
might say that's because Microsoft is hav- 
ing its butt kicked by companies like 
Google and Apple. But that's not why 
Microsoft, and many other companies, 
are in such a funk. 

Consumers and businesses used to buy 
lots of new "stuff every year or two. New 
computers, going from a 286 to a 386 to a 
Pentium. New modems. New printers. 
New operating systems. New productivity 
suites. The changes in hardware, in oper- 
ating systems and in major applications 
were so significant that the upgrade was 
perceived to be a good value. 

Today, consumers buy computers 
because something's wrong with the 
computer that they have or because they 
just want a different one. Businesses 
only buy new desktops and notebooks if 
they absolutely must do so. 

Apple and Hewlett-Packard have done 
a great job of tapping into the "just want 
one" segment of the computer market. 
Other companies, from Microsoft to Intel, 
from Dell to Lenovo, 
aren't succeeding in 
convincing consumers 
that they need new 
hardware or software. 
Got a 2.1GHz 
Core 2 Duo processor 
in your computer? That's fast enough. 
Got Windows XP? That's good enough. 
Got Office 2003? It has every feature you 
need. A quad-core chip, Windows Vista 
and Office 2007 aren't going to move 
you. . . or move your credit card. 

We'll have to see if Windows 7, Office 
2010 and eight-core chips can jolt con- 
sumers into wanting to upgrade. If not, be 
prepared for more sad earnings reports. 
— Alan Zeichick 

THE END OF JULY always mean it's 
exploit season. As the hackers rush to 
Las Vegas to share their tales of heroism 
and adventure with one another over 
slot machines and beers, the rest of 
the world is usually treated to some 
extremely interesting drama as a result. 
One such bit of drama came as the 
Black Hat conference opened up. It 





would appear that a group of hackers 
delivered their Summer of Hax package, 
zf05, just as Black Hat hit full steam. This 
group targeted famous hackers like 
Kevin Mitnick and 
Dan Kaminsky, then 
published console logs 
showing off their per- 
sonal computer sys- 
tems. The hack seems 
not to have brought 
about any actual loss of data or zero-day 
exploits, but it did constitute a huge 
breach of privacy for all those targeted by 
the attacks. 

It plays to a big trend in security right 
now: backlash against disclosure. The 
ImageShack compromise in July was 
also a prong in this rising fork of securi- 
ty. The Anti-Sec movement, responsible 
for the ImageShack attack, includes pro- 
paganda in its hacks that accuse full-dis- 
closure enthusiasts of being sellouts. 

It's as good a reason as any to make 
sure your company keeps a low security 
profile. Never brag about security in 
public. 

— Alex Handy 

MICROSOFT DID THE RIGHT THING 

by releasing source for its Hyper-V Lin- 
ux kernel drivers after it was found to be 
in violation of GPLv2. Although it was 
ironic given Microsoft's intellectual 
property rights claims against the open- 
source community, it wasn't a huge deal. 
Microsoft is not the only company that 
didn't follow the GPL process to the let- 
ter, and it is not the only company that has 
donated to Linux to meet a business goal. 
The difference is that it was Microsoft, a 
company that is a magnet for criticism, 
whether deserved or undeserved. It could 
announce a project to help old ladies cross 
the street, and get criticized for stepping 
on their toes. 

— David Worthington 

NEWS UPDATE: My M-Audio has 
been found! I wrote a Short Take back in 
July of how my M -Audio, an interface 
that allows me to plug musical instru- 
ments into my laptop and record them 
onto software, was nowhere to be found. 

I had moved into a new apartment 
back in May and was hoping that it was in 
a crate that I was using for storage. But I 
became a bit panicky when it wasn't in 
any of the boxes I brought to the new 
apartment. 

However, after a few fruitless searches 
at my old house in Huntington, N.Y., this 
past weekend, I came across a big plastic 
bin in a basement closet that was under- 
neath several other bins. I rummaged 
through it. Finally, after checking under a 
blanket, I finally found my M -Audio! 

I am very glad to have it back. Now I 
have the opportunity to put it someplace 
where I will lose it all over again. 

— Jeff Feinman 
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Addressing security in outsourced applications 



-including 



While outsourcing code develop- 
ment offers many benefits, it is 
absolutely critical that the team respon- 
sible for evaluating these applications 
makes security its principal criterion 
when evaluating outsourced develop- 
ment proposals. 

There are several overriding security 
issues that arise when considering out- 
sourced development. All of 
these concerns require careful 
planning, execution and moni- 
toring to verify that they are 
addressed prior to acceptance 
of the software from the out- 
sourcer. It is essential to ade- 
quately define, evaluate and set 
up security requirement crite- 
ria for the security of delivered 
applications, and they should 
include security terms in the 
actual development contract 
implementing secure source code analy- 
sis prior to accepting the code. 

Security is a critical element in any 
application development effort, and 
therefore it should also be a major com- 
ponent of the contract for all outsourced 
development projects. Many organiza- 
tions already define service level agree- 
ments that set expectations and terms, 
milestones and deliverables according to 
a specific timetable. Even in the cases 
where security requirements are includ- 
ed, few companies have a method for 
measuring or certifying that the code is 
secure before it is accepted and 
deployed. This can lead to dangerous 
threat vectors for potential security 
breaches via unsecured code. 

A security addendum should require 
outsourcers to deliver software to a 
mutually agreeable security audit to 
determine if the delivered software is 
free from specific vulnerabilities and 
vulnerability categories. The "teeth" in 
the agreement is that the customer has 
no obligation to pay for or accept any 
insecure software. The contract should 
also include critical security metrics that 
must be met for the software to be 
deemed acceptable under the terms of 
the agreement. 

Any and all application development 
contracts should include language and 
provisions that address security mecha- 
nisms, best practices, developer skills 
and audits. 

Appropriate use of security mech- 
anisms: Have the necessary security 
mechanisms been included to ensure the 
application performs only the requested 
functions? Were those security mecha- 
nisms deployed properly? Both proper 
design and proper implementation must 
be validated to ensure the foundation for 
effective security is in place. 

Secure coding best practices: Does 
the outsourcing development vendor 
have a clearly defined set of secure cod- 
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ing best practices, and do these meet the 
requirements and needs of the customer? 
How is it documented and validated? 
Secure coding practices are a defined and 
well-articulated discipline that should be 
an integral part of an outsourcing ven- 
dor's development processes. 

Programmer experience and skill 
sets: Are the programmers educated in 
those secure coding tech- 
niques? How is that docu- 
mented and defined? What 
processes are in place to make 
sure that those techniques are 
followed? It is vital to make 
sure that the developers 
assigned to the project pos- 
sess the training, skills and 
awareness to develop a secure 
application. In reality, most 
developers are not properly 
trained in writing secure code, whether or 
not they work for an outsourcing firm. 

Presence of malicious code: Is 
there an audit process in place to ensure 
malicious code has not been inserted 
into the software? Are the auditors 
trained to identify malicious code in soft- 
ware? There should be a process for 
reviewing critical code for such dangers 
as viruses, worms, backdoors and trojans. 
Secure code audits: A critical ele- 
ment of the security addendum is a 
security audit that is performed to verify 
that security obligations have been met. 
An in-depth analysis of the source code 
for security vulnerabilities is a critical 
component to ensure the security of 
delivered outsourced applications. 

Until recently, the only effective way 
to accurately ascertain the security state 
of an application was via expensive and 
time-consuming manual code review, 
which would usually be performed only 
once or twice a year. Thankfully, there 
are now proven security-testing tech- 
nologies to automate key parts of this 



process and improve efficiency by an 
order of magnitude. 

Commercial solutions include prod- 
ucts capable of automatically analyzing 
source code for vulnerabilities. This new 
class of application analysis tools offers a 
way to investigate, repair and validate the 
security of the mission-critical applica- 
tions, whether developed in-house or by 
an outsourcing partner. And these tools 
allow deployment at any point in the 
software development life cycle. Todays 
technology has removed all roadblocks 
that have stood in the way of enterprises 
deploying secure code — no matter 
where it was originally developed. 

Ensuring the security of the mission- 
critical applications must no longer be an 
afterthought. Not only is it costly to find 
security flaws later in the application life 
cycle, but it can also have devastating 
affects for an entire business if business- 
critical information is compromised 
because of a lack of security forethought. 

Businesses need to proactively inves- 
tigate, repair and validate the security of 
their mission-critical applications, 
whether developed in-house or by an 
outsourced partner. Identifying security 
requirements of an outsourced project 
upfront and setting criteria for accep- 
tance within the contract are key com- 
ponents in ensuring that the code deliv- 
ered by the outsourcing provider is 
secure . . . and an effective way to ensure 
that you're not exposing your business to 
avoidable risk. I 

Ryan Berg is cofounder and chief scien- 
tist for Ounce Labs, a software security 
company. 

WHAT'S YOUR VIEW? 

SD Times welcomes Guest View 
submissions from our readers. 
See the guidelines at 
sdtimes.com/go/guestview 



LETTERS TO THE EDITOR 

The Future of HTML 



Regarding your article JI W3C stops work on 
XHTML 2" (Aug. 1, page 6): To guote myself 
in public, "Simple always wins, and compli- 
cated always breaks." The key to the success 
of HTML 5 has been in asking the simple 
question, "What problem does this solve?" 
whenever someone wants to add something 
to the spec. The spec is not complete when 
you can't add any more to it. The spec is 
complete when you can no longer remove 
anything from it. 

Sean UH, United States 

THE FLUIDITY OF AGILE 

Thanks for running this article ("Getting 
agile teams ready for takeoff," July 1, page 
4). One thing I did not state clearly in the 



interview is that Scrum does have a Product 
Owner role who is responsible for indicating 
business priorities and direction, while 
adjusting it every iteration. While executing 
each iteration, there is no externally appoint- 
ed "team lead" regarding technical imple- 
mentation. As the article suggests, in a col- 
laborative Scrum team (jazz ensemble, 
improv acting group, etc.), leadership moves 
fluidly from person to person based on 
emerging discovery. 

Michael James, United States 



Letters to SD Times should include the writer's name, 
company affiliation and contact information. Letters 
become the property of BZ Media and may be edited. 
Send to feedback@bzmedia.com. 
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Return of the developer workstations 



Early this summer, I completed one of 
the largest head-to-head reviews of 
workstations that is likely to see print 
this year. I carefully examined five sys- 
tems from Dell, Hewlett-Packard and 
Lenovo (the top three vendors by mar- 
ket share, respectively), and bench- 
marked them on a variety of different 
tests. In the process, I spent a lot of time 
either on the phone or on site with the 
vendors. To my surprise, I discovered 
that software development is re-emerg- 
ing as a driver for workstation sales. 

This development might seem to 
contradict the general perception that 
most developers cut code on their lap- 
tops or on high-end desktops. But value- 
priced workstations are starting to 
become the new system of choice. 

To clarify an important set of differ- 
ences, workstations are distinguished 
from the high-end desktop by several 
factors: better graphics, more memory, 
greater storage capability, and certifica- 
tion to run workstation apps. To devel- 
opers, the certification is not crucial or 
even important. But the other three 
attributes are definitely important. 

Let's look at a specific machine. I'll go 
with the Dell T3500, which was the 
price/performance leader of the entry- 
level tier of workstations I reviewed. It 



sports an Intel Nehalem quad-core Xeon 
processor running at 2.93GHz. Because 
the Nehalem-class chips support robust 
hyper-threading, this chip provides eight 
simultaneous threads of execution. 

Graphics consists of an Nvidia FX 
4800 card, which is the highest level 
of graphics performance commonly 
available on workstations; it 
comes with 1.5GB of dedicat- 
ed graphics RAM. The system 
comes with two SATA disk dri- 
ves running at 10K RPM and 
combined in a RAID design, 
which delivers 160MB/sec. of 
HDD bandwidth. (Typical 
SATA is around 60MB.) 

As configured, the T3500 
comes with 4GB DDR3 
RAM, but the system supports 
six DIMM slots, so a lot more can be 
loaded up. In addition, it has five drive 
bays and nine USB jacks. All this con- 
sumes only 100W of power at rest (not 
working, but not hibernating) and can 
be bought from Dell for less than 
US$3,200, excluding sales and promo- 
tions. For perhaps $1,200 more than a 
good developer desktop, this machine 
brings far more graphics and processing 
power, plus great expandability, using 
less power than a run-of-the-mill PC. 



Integration Watch 
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The key elements are the Nehalem 
processor and the expansive RAM. 
Between them, they make it easy for 
developers to use virtualization on their 
desktop. Running a VM containing Linux, 
for example, while developing on Win- 
dows XP is now both easy and fast. The 
VM can have a large compliment of mem- 
ory and run at native speed, 
due to its use of dedicated 
cores and hardware threads. 

Some applications need 
two VMs for testing: one for 
the client and for the server. 
Running two VMs is equally 
effortless and does not inter- 
rupt the foreground develop- 
ment work. Virtualization, 
especially as used for testing 
and verification, is one of the 
primary drivers of workstation purchases 
for developers. 

Increasingly, so is background pro- 
cessing. One novel form of this is run- 
ning a CI process in background. As you 
check in code to your private repository 
(prior to committing it later on to the 
project's SCM system), the process runs 
the full CI cycle more or less continu- 
ously in background. 

Some developers prefer not to have a 
CI server running in the same process 



space, so here, again, a VM makes sense. 
Run the CI server in a VM and configure 
it to send out an IM on any failures. This 
configuration is a lot like what is today 
termed "prellight," an agile concept, in 
which builds are done locally in a sandbox 
prior to a commit to make sure the com- 
mit code does not break the larger build. 

The FX 4800 graphics adapter might 
be overkill if you're not developing 
games or multimedia apps. And if that's 
the case, a lesser card will save hundreds 
on the system price. 

In my opinion, the use of dual moni- 
tors is the single biggest productivity 
booster for a developer. And driving two 
large screens in which multiple windows 
can be open (the Web, Javadoc, and the 
CI server on one screen, the IDE on the 
other, for example) is best done with a 
robust graphics adapter. 

The fast disk I/O is a final performance 
boost that is especially welcome during 
VM startup and local builds of large pro- 
jects. I am not a full-time developer, but I 
work on a workstation and I highly rec- 
ommend that managers provide them to 
their busiest developers. At these prices, 
the ROI is too compelling to work on less- 
er systems — especially when the cost is 
averaged over the lifetime of the worksta- 
tion (typically three to four years). I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. Read his blog at 
binstock.blogspot. com. 
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Is Tom DeMarco losing control? 



Tom DeMarco has dropped a bomb- 
shell. His recent "Viewpoints" col- 
umn in IEEE Software disavows several 
of the fundamental aspects of software 
engineering, including the premise that 
"control is an important aspect, maybe 
the most important, of any software pro- 
ject." It isn't, he says. 

A stunning statement, given the 
source. DeMarco's "Controlling Soft- 
ware Projects: Management, Measure- 
ment and Estimates" was among the 
most influential texts in the 1980s. For 
software managers of my generation, 
"You can't control what you can't mea- 
sure" has been as much a touchstone as, 
say, "Don't blame me; the requirements 
were incomplete." DeMarco is one of 
the most influential people in our field, 
having written classic books both on his 
own and with Timothy Lister ("People- 
ware," "Waltzing with Bears"). 

For many of us, the problems of soft- 
ware management have seemed to be 
problems of control; managing develop- 
ers is like herding cats, choosing a tech- 
nology is like landing a plane on an air- 
craft carrier, controlling client 
expectations is as important as develop- 
ing software, and so forth. 

It's not that these problems are illu- 
sions, says DeMarco now. It's that they 




don't capture the potential of software. 
Sure, some software projects may only 
deliver a small payback on their devel- 
opment costs, but many software pro- 
jects provide returns that are huge mul- 
tiples of their costs, and they transform 
the business. Does it matter that a retail 
website had cost or time overruns if the 
payback is the transformation 
of a brick-and-mortar store- 
front into a global vendor? 
Does it matter that two tries 
at a new application had to be 
scrapped if the third try puts 
you on top of the market? 

It strikes me (as things 
often do at this time of the 
year) as akin to baseball, 
where one can obsess over 
small-ball issues. But let's face 
it: Stadiums get built for power hitters. 
The wonderful thing about software is 
that most software development teams 
can, if unleashed, propose software that 
has the potential to be transformative. 
Developers are necessarily immersed in 
software and technologies and will likely 
be the first to imagine recasting a 
domain problem into a new type of tech- 
nology or platform. 

On the other hand, as I discussed in a 
recent column ("Prototyping with Pro- 
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cessing," July 15), few teams are so trust- 
ed that they are given research and 
development budgets and the freedom 
to grab for a brass ring. The augmented 
reality application that I recently investi- 
gated would have been great, but there 
was no way to sufficiently mitigate the 
risks, and in the end I decided not to 
propose it to the client. 

Was that a failure of imagi- 
nation on my part, clinging to 
an old-fashioned need for con- 
trol? Perhaps. But I just don't 
live in a world (and certainly 
not in an economic climate) 
where clients accept "big risk, 
big payoff' as a justification for 
a software project. 

The case is different, of 
course, if you're doing 
"greenfield" development. I was recent- 
ly brainstorming with a colleague, and 
he kept berating me for suggesting 
things that were too incremental. "If we 
launch with such a thing, we're going to 
be lost in the noise. How can we capture 
market share if we're just a nice 
improvement' on established products?" 
He was thinking very much in the 
mode that DeMarco advocates, trying to 
imagine something to build a company 
upon. I was doing what DeMarco warns 
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Larry 
O'Brien 



of: "[T]he more you focus on control, 
the more likely you're working on a pro- 
ject that's striving to deliver something 
of relatively minor value." 

One of the most appealing things 
about DeMarco's recent writing is that 
he declines to descend into the weeds of 
methodology. Beyond incremental deliv- 
ery and "starting early," he has little to 
say about development processes. Agile 
methods may be superior, not because 
they are necessarily better routes 
towards consistency and predictability, 
but because certain things are not as 
important as we've thought they were. 

Incremental delivery, it should be 
remembered, allows business users the 
one aspect of control they really care 
about: funding. If, every few weeks, a 
client is given a new potentially deploy- 
able application and the opportunity to 
continue the project down the path or 
cancel it, they are likely to feel more in 
control of the process than most. 

Of course, this raises the question of 
how to go about imagining software that 
is both transformative and incrementally 
developable. Perhaps if we spent as 
much effort trying to solve this contra- 
diction as we have trying to figure out 
which metrics to collect, we might put 
our industry on a more satisfying path. I 

Larry O'Brien is a technology consul- 
tant, analyst and writer. Read his hlog at 
www. knowing, net. 




Are You a Fly-by-Night Company? 



Do your potential customers worry about YOU? 



Everyone has been burned by a fly-by-night 
software company that sold them tools and 
then disappeared. So Before you make the sale, 
you have to earn your customer's trust that 
you'll deliver what you promise and that you'll 
still be around to provide service and support. 

And in a recession, trust and 
confidence in a supplier are more 
important than ever. 



How do you build that trust? How do you assure 
potential customers that you are in business 
for the long haul? The answer is regular print 
advertising in a trusted medium like SD Times. 
For nine years, BZ Media's SD Times has built 
a trusted relationship with its readership of 
software development managers, architects 
and team leaders — trust that naturally rubs 
off on our advertisers. 

Your customers are looking for someone they 
can trust. You should too. Call SD Times today. 
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It's worthwhile to track software spending 



Industry Watch 



In difficult economic times, software 
organizations make difficult decisions. 
Should they trim the workforce to trim 
costs? Should they reduce the number 
of projects to maximize their efforts in 
areas with the greatest return? Should 
they shutter a location to consolidate 
people and equipment into fewer sites? 

Some of these decisions can be based 
on hard data. IT managers can 
easily find out how many peo- 
ple they have on their payroll, 
or the costs of running multi- 
ple projects, or how much 
they pay for rent, or what the 
value of a property is that they 
might want to sell. Others are 
educated guesses, such as the 
ROI of a software project. 

There is another, often 
overlooked area that can gen- 
erate big savings within an organization: 
software license management. Licenses 
come in all shapes and sizes, from user 
and concurrent licenses to more flexible 
pay-as-you-go subscription terms. 

According to Howard Hastings, IT 
asset management evangelist at CA, 
companies tend to prefer simple volume 
licensing because it's simple to imple- 
ment. They have 1,000 workers, so they 
need 1,000 licenses. But what happens 
when 20% of the workforce is laid off? 
Do the companies recoup that money? 
Often, the answer is no; they may still be 
paying for 1,000 software licenses. 

Hastings said software inventories 
often don't give enough information to 
help companies manage their money. 
"Whether the software is used or not, if 
it's found [in an inventory], it counts. 
Especially in larger organizations, 
there's no real way of knowing if the soft- 
ware is preloaded under OEM, or part 
of a volume license, or even an evalua- 




tion copy that can no even be activated," 
Hastings explained. "This is information 
that's hard to get." 

In fact, he said, his experience indi- 
cates that two-thirds of the companies 
he talks with don't do anything at all to 
manage software, because of the diffi- 
culty of doing so. "They're throwing 
darts at a wall," he said. 

There are a number of fac- 
tors conspiring against solid 
accounting of software. PCs 
and server boxes can be 
counted. But what lies inside 
is often almost intangible, 
Hastings said. Individuals 
think their "personal comput- 
er" is just that, even though it's 
owned and maintained by the 
company. 

So a user might purchase 
and install a piece of software he needs 
for personal use or to better do his job, 
without the IT department knowing 
about it until an inventory is done. That's 
where the detective work comes in: It can 
take significant work and time (and 
expense) to find out if the software was 
purchased outright, if it's is licensed on an 
annual basis, and to see if it might bene- 
fit others within the organization. 

(Admittedly, this is less of a problem 
since Y2K and 9/11; organizations now 
are more willing to lock down their IT 
systems to ensure that no rogue software 
can be installed. This remains a problem 
in software development departments, 
where rogue tools are still the norm.) 

But perhaps the most important fac- 
tor is the lack of procurement standards 
and policies, Hastings said. "If every- 
one's supposed to use Office 2007 [in 
an organization], why do I still have 
Office XP or WordPerfect installed? 
These deviate from the standard and 



should be examined." 

Most companies, if they looked at 
their software assets, would likely have 
excess licenses. Enforceable policies and 
procedures can help organizations get a 
handle on their software. Hastings noted 
that 60% of licensing costs come during 
the requisition and fulfillment phase. 

"People are starting to say they don't 
want to be in this scenario again" of hav- 
ing to start from scratch and blindly buy 
software, said Hastings. "With a process 
in place, you can say, 'Here's what we 
bought, and here's what we used,' so at 
the time of the next [licensing contract], 
we can manage the opportunity much 
better." 

This is not small stuff. Large compa- 
nies can pay in the hundreds of millions 
of dollars per year for software. 

Hastings pointed out the software 
license management helps organizations 
get leaner in IT. People bandy the word 
"lean" about in relation to IT, but Hast- 
ings defines it as building in a process 
for tracking and making the best use of 
company software assets. "The biggest 
complaint I hear during audit time is 
that managers aren't getting enough 
information from their inventory." 

He said he has seen companies that 
don't even separate license costs from all 
other expenses, instead just putting the 
information in a box marked "January 
2003 expenses," for example. That's like 
the end of "Raiders of the Lost Ark," 
when the Ark of the Covenant is num- 
bered and stored away in a huge govern- 
ment warehouse, with the implication 
that it won't be found again for years. 
That's not a good way to handle valuable 
artifacts of any kind. I 
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BUSINESS BRIEFS 




IBM has acquired Ounce Labs, a privately held maker of source 
code analysis software. Terms of the transaction were not dis- 
closed. Ounce Labs' software scans source code to find potential 
security vulnerabilities and areas of non-compliance during devel- 
opment. The acquisition is the second in the software security 
space for IBM; in 2007, it acquired Watchf ire-maker of the App- 
Scan security and compliance testing software-to bolster its Gov- 
ernance and Risk Management offerings. Ounce Labs' technology 
will be rolled into IBM Rational AppScan tools . . . IBM also has 
announced plans to acquire analytics software maker SPSS for 
approximately US$1.2 billion. IBM executives said the acquisition 
of the Chicago-based company will help grow its Information on 
Demand business analysis portfolio. 

EARNINGS: IBM reported second-quarter 2009 revenues of 
US$23.3 billion, a 13% decrease from the 2008 quarter. Net 
income was $3.1 billion, compared with $2.8 billion in 2008, an 
increase of 12%. Revenue in North America and South America 
was $9.9 billion, a decrease of 9% from the same quarter a year 



ago. Revenues from Europe/Middle East/Africa were $7.9 billion, 
down 20%. Asia-Pacific revenues decreased 7% to $4.9 billion 
. . . Microsoft reported a 17% decline in year-over-year fourth- 
quarter revenue, totaling US$13.1 billion. Operating income, net 
income and diluted earnings per share for the quarter were $3.99 
billion, $3.05 billion and $0.34 per share, which represented 
declines of 30%, 29% and 26%, respectively when compared with 
the prior year. For the fiscal year ended June 30, Microsoft report- 
ed revenue of $58.44 billion, a 3% decline from the prior year . . . 
Pervasive Software, a provider of embeddable data management 
and data integration software, announced results for the fourth 
quarter and fiscal year ending June 30. Revenue was US$47.2 mil- 
lion, an increase of 11% compared to $42.5 million for last fiscal 
year. Net income for the year was $5.3 million, compared to $3.0 
million the year before . . . SourceForge announced that total rev- 
enue for the second quarter of 2009 remained flat at US$11.8 mil- 
lion, the same result as for the second quarter of 2008. Net loss 
for the second quarter of 2009 was $3.6 million compared to a net 
loss of $3.8 million for the same period a year ago. I 



events Calendar 



SHARE 

Denver 
SHARE 

www.share.org 



August 23-28 



Agile 2009 

Chicago 
AGILEALLIANCE 

agile2009.agilealliance.org 



August 24-28 



Software Product August 24-28 
Lines Conf. 

San Francisco 

SOFTWARE ENGINEERING INSTITUTE 

www.sei.cmu.edu/splc2009 



VMworld 

San Francisco 
VMWARE 

www.vmworld.com 



August 31-Sept. 3 



Red Hat Summit 
SJBoss World 

Chicago 

RED HAT/JB0SS 

www.redhat.com/promo/summit/2009 



Sept. 1-4 



ESC Boston 

Boston 
TECHINSIGHTS 

esc-boston.techinsightsevents.com 



Sept. 21-24 



Intel Developer Forum 

San Francisco 
INTEL 

www.intel.com/idf 



Sept. 22-24 



Software Business 2009 Sept. 29-30 

San Diego 

WEBC0M COMMUNICATIONS 

www.softwarebusinessonline.com 

XML-in-Practice 2009 Sept. 30-0ct. 1 

Washington, D.C. 
IDEALLIANCE 

www.idealliance.org 



Adobe MAX 

Los Angeles 
ADOBE 

max.adobe.com 



Oct. 4-7 



VSLive Orlando 

Orlando 
1105 MEDIA 

vslive.com 
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Oracle OpenWorld 

San Francisco 
ORACLE 

www.oracle.com/us/openworld 



Oct. 11-15 



Zend/PHP Conf. 

San Jose 

ZEND TECHNOLOGIES 

www.zendcon.com 



Oct. 19-22 



Software Test 
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Cambridge, Mass. 

STP COLLABORATIVE MEDIA 

www.stpcon.com 



Oct. 19-23 



Web 2.0 Summit 

San Francisco 
O'REILLY MEDIA 

www.web2summit.com/web2009 



Oct. 20-22 



ARM TechCon3 

Santa Clara 
RTC GROUP 

www.armtechcon3.com/2009 



Oct. 21-23 



For a more complete calendar of U.S. software 
development events, see www.sdtimes.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 
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Fully Optimized For Visual Studio 2008! 

With new releases always in the pipe - including exciting .NET add-ons like our new Silverlight extension - Dundas gives you even more reasons to 
build effective custom dashboard solutions. 

As the leader in data visualization solutions for .NET, SharePoint 2007 and SQL Server Reporting Services 2005 & 2008, Dundas offers the latest 
award-winning chart, gauge, map and calendar technologies. Now you know why Fortune 500 companies around the globe trust Dundas to create 
sophisticated and visually compelling dashboard components. 

To see for yourself how Dundas products can improve your applications, download full evaluation copies of Dundas Chart, Gauge, Map and 
Calendar from www.dundas.com/downloads . 
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